RFC 1858 (rfc1858) - Page 1 of 10
Security Considerations for IP Fragment Filtering
Alternative Format: Original Text Document
Network Working Group G. Ziemba
Request for Comments: 1858 Alantec
Category: Informational D. Reed
Cybersource
P. Traina
cisco Systems
October 1995
Security Considerations for IP Fragment Filtering
Status of This Memo
This memo provides information for the Internet community. This memo
does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.
Abstract
IP fragmentation can be used to disguise TCP packets from IP filters
used in routers and hosts. This document describes two methods of
attack as well as remedies to prevent them.
1. Background
System administrators rely on manufacturers of networking equipment
to provide them with packet filters; these filters are used for
keeping attackers from accessing private systems and information,
while permitting friendly agents to transfer data between private
nets and the Internet. For this reason, it is important for network
equipment vendors to anticipate possible attacks against their
equipment and to implement robust mechanisms to deflect such attacks.
The growth of the global Internet has brought with it an increase in
"undesirable elements" manifested in antisocial behavior. Recent
months have seen the use of novel attacks on Internet hosts, which
have in some cases led to the compromise of sensitive data.
Increasingly sophisticated attackers have begun to exploit the more
subtle aspects of the Internet Protocol; fragmentation of IP packets,
an important feature in heterogeneous internetworks, poses several
potential problems which we explore here.
Ziemba, Reed & Traina Informational
