Fragmentation overlapping attacks first appeared in IPv4. As has been shown, the different handling of overlapping fragments by various Operating Systems (OS) can lead to a range of security issues, from simple OS fingerprinting to remote code execution. To learn from the mistakes of the past, an RFC was proposed for IPv6 that not only discourages the acceptance of overlapping IPv6 fragments but also specifically defines how an OS should react when such packets are received. However, as has been shown, this is not the case for some of the most popular OSes. In this presentation, various fragmentation overlapping scenarios will be tested to check whether such attacks can still succeed. Detailed results of extensive tests will be presented, and any non-compliant behaviours will be discussed with regard to their potential security implications. Finally, proper countermeasures will be proposed to handle any potential OS misbehaviour and mitigate the resulting security risks.
Antonios Atlasis is an IT Security researcher with a special interest in IPv6 (in)securities. His work has been presented at several IT Security conferences and has resulted in the discovery of various IPv6-related vulnerabilities. He is the author of Chiron, a very flexible security assessment tool specialized for IPv6.