[dns-operations] DNS Attack over UDP fragmentation
Francis Dupont
Francis.Dupont at fdupont.fr
Wed Sep 4 21:01:47 UTC 2013
In your previous mail you wrote:
> Read the paper, the authors mention that the recommendation for IP-ID on
> IPv6 is a sequential value, so its entropy is meager at best. Also some
> implementations on IPv4 use sequential value or per destination counters.
=> my comment was about correct IPv6 implementations (:-).
And don't forget the attack is from off-path so only the size matters.
Regards
Francis.Dupont at fdupont.fr
PS: cf draft-ietf-6man-predictable-fragment-id-00.txt for the whole
discussion about predictable IPv6 IDs (and before you ask, for me
good/correct == BSD :-).