How much packet fragmentation do folks see in "normal" Internet
traffic? I.e. where path-MTU discovery hasn't been broken, etc.

In other words: what should I expect if I were to simply disallow all
inbound fragments?

Also, at a BayLISA meeting last week, Brent mentioned something about
fragmentation being used to bypass packet filtering by somehow re-writing
part of the header during reassembly, and I think he mentioned this as
being something that Mitnick did as part of attacking Shimomura's machine(s)?

Was this just the result of a buggy IP stack somewhere interpreting the
offset field as a signed integer or something equally stupid?

Thanks...