Is IP fragmentation still considered vulnerable?
Guest Post: IPID has a 25+ year history of abuse as a network side channel. This post categorizes IPID exploits, and makes a surprising recommendation about mitigating them.
Tag: fragmentation
RFC 9518 — What can Internet standards do about centralization?
Guest Post: RFC 9518 “Centralization, Decentralization, and Internet Standards” has been published after more than two years of review, discussion, and revision.
[Podcast] IPv6 fragmentation and the DNS
Discussing the implications of a change to IETF normative language.
Opinion: On Internet centrality and fragmentation
Dealing with dual pitfalls and risks.
IP fragmentation and the DNS — mitigation
Guest post: How to lower the risk of fragmentation-based DNS attacks.
DNS evolution: Innovation or fragmentation?
How should we engage with evolution and innovation in the Internet’s name space?
IP fragmentation and the DNS — Vulnerable DNS servers
Guest Post: One in seven authoritative DNS servers found to be vulnerable to ICMP-based MTU spoofing attacks.
IP fragmentation and the DNS — the state of IP fragmentation
Guest Post: 0.1% of DNS traffic is fragmented, almost all of which comes from DNSSEC signed domains.
Hop-by-hop extension headers
Can hop-by-hop extension headers solve the IPv6 path MTU discovery problem?
More notes from IETF 112
Geoff Huston on currently active IETF routing security, IPv6, and transport discussions.