Posted by Fernando Gont on Jan 12

Folks,

I’m curious about whether folks are filtering ICMPv6 PTB<1280
and/or IPv6 fragments targeted to BGP routers (off-list datapoints are
welcome).

In any case, you mind find it worth reading to check if you’re affected
(from Section 2 of recently-published RFC8021):

—- cut here —-
The security implications of IP fragmentation have been discussed at
length in [RFC6274] and [RFC7739]. An attacker can leverage the…