[dns-operations] DNS Attack over UDP fragmentation

Francis Dupont Francis.Dupont at fdupont.fr
Wed Sep 4 21:01:47 UTC 2013

 In your previous mail you wrote:

>  Read the paper, the authors mention that the recommendation for IP-ID on
>  IPv6 is a sequential value, so its entropy is meager at best. Also some
>  implementations on IPv4 use sequential value or per destination counters.

=> my comment was about correct IPv6 implementations (:-).
And don't forget the attack is from off-path so only the size matters.


Francis.Dupont at fdupont.fr

PS: cf draft-ietf-6man-predictable-fragment-id-00.txt for the whole
discussion about predictable IPv6 IDs (and before you ask for me
good/correct == BSD :-).

More information about the dns-operations mailing list