Hi,
as Bennett Todd already said, packets should always be reassembled before
checking.
Why?
See RFC 1858.
HTH,
Enno Rey
[EMAIL PROTECTED]
----- Original Message -----
From: "Dave Carmean" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, April 23, 2000 11:54 PM
Subject: Fragmentation in normal traffic?
>
> How much packet fragmentation do folks see in "normal" Internet
> traffic? I.e. where path-MTU discovery hasn't been broken, etc.
> In other words: what should I expect if I were to simply disallow all
> inbound fragments?
>
> Also, at a BayLISA meeting last week, Brent mentioned something about
> fragmentation being used to bypass packet filtering by somehow re-writing
> part of the header during reassembly, and I think he mentioned this as
> being something that Mitnick did as part of attacking Shimomura's machine(s)?
> Was this just the result of a buggy IP stack somewhere interpreting the
> offset field as a signed integer or something equally stupid?
>
> Thanks...
>
> --
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
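
An added example, not part of the original thread: the two per-packet checks RFC 1858 describes for a filter that sees fragments one at a time (tiny first fragment, and a fragment at offset 1 that would overlay the TCP flags). The header builder, the documentation-range addresses and the TMIN value of 16 are assumptions made for illustration.

```python
import struct

TCP = 6
TMIN = 16  # assumption: enough transport octets to include the TCP flags (octet 13)

def ipv4_header(proto, frag_offset, payload_len, more_frags=False):
    """Build a constructed 20-byte IPv4 header (checksum left at zero)."""
    flags_fo = (0x2000 if more_frags else 0) | (frag_offset & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1, flags_fo,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))

def rfc1858_verdict(header):
    """Return 'drop' or 'pass' for a single IPv4 packet, without reassembly."""
    if len(header) < 20:
        return "drop"
    ver_ihl, _, total_len, _, flags_fo, _, proto = struct.unpack("!BBHHHBB", header[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        return "drop"                       # malformed header
    frag_offset = flags_fo & 0x1FFF         # counted in units of 8 octets
    transport_len = total_len - ihl
    if proto == TCP:
        if frag_offset == 0 and transport_len < TMIN:
            return "drop"                   # first fragment too small to show the flags
        if frag_offset == 1:
            return "drop"                   # would land on octets 8-15 of the TCP header
    return "pass"

if __name__ == "__main__":
    # Constructed sample packets: (description, header bytes)
    samples = [
        ("whole TCP segment", ipv4_header(TCP, 0, 40)),
        ("tiny first fragment", ipv4_header(TCP, 0, 8, more_frags=True)),
        ("fragment at offset 1", ipv4_header(TCP, 1, 24)),
        ("ordinary later fragment", ipv4_header(TCP, 185, 500)),
        ("UDP fragment at offset 1", ipv4_header(17, 1, 24)),
    ]
    for name, hdr in samples:
        print(f"{name:26s} {rfc1858_verdict(hdr)}")
```
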