[Bro-Dev] ipv6 fragment reassembling
Seth Hall
seth at icir.org
Wed Feb 22 17:11:55 PST 2012
Here is a great article about ipv6 fragment handling.
http://blog.si6networks.com/2012/02/ipv6-nids-evasion-and-improvements-in.html
The article concludes by point out that it looks like the IETF is converging on RFCs that forbid overlapping fragments which should make fragment reassembly much clearer for us. Current operating systems are of course all over the map in terms of what they actually support of course. :)
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the bro-dev
mailing list