Paul Cardon wrote:

> Mikael Olsson wrote:
> > *ahem* I beg to differ. I know of at least _ONE_ that does fragment
> > reassembly. (I wrote the reassembly algorithm; I ought to know).
> > Although granted, I obviously don't work at checkpoint :-)
>
> Well, that's one more than I knew about.  Sounds like I at least need to
> do some reading on Enternet if not play with it at some point.
> Question.  Do you then pass the original fragments or the result of the
> reassembly?

They're not the only ones.  The Lucent Managed Firewall also reassembles
fragments.  As far as I was concerned this was the only safe method of dealing
with fragments, short of not passing them at all.  The reassembled packet is
shipped out either as fragments or reassembled, depending on the MTU of the
outbound interface.  I've noticed that a fair number of home firewall hardware
solutions are taking the cowards' route and dropping all fragments.  One vendor
said that it was for the customers' own good that they were dropping the
fragments.  And I guess if you're not going to reassemble them, dropping is the
next best thing, but passing them along just seems bad.

---Michael J Coss
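The reassemble-then-refragment behaviour described in this thread, as an added illustration that is not code from the list posts, Enternet or Lucent: a minimal IPv4 fragment handler that collects the fragments of one datagram, refuses sets with overlaps, gaps or a missing final fragment (so the firewall never passes an ambiguous datagram along), and then re-fragments the clean result to fit the outbound interface's MTU. The packets, addresses and payload are constructed inline; checksums are left zero and IP options are not handled, which are simplifications of this example and not something the thread states.

```python
import struct

# Constructed sample data for this example (not from the thread).
IP_HDR_LEN = 20
MF_FLAG = 0x2000      # "more fragments" bit in the flags/offset field
OFFSET_MASK = 0x1FFF  # 13-bit fragment offset, in 8-byte units


def build_ipv4(src, dst, ident, proto, payload, offset_units, more_fragments):
    """Build a minimal IPv4 packet (no options; header checksum left as zero)."""
    flags_frag = (MF_FLAG if more_fragments else 0) | (offset_units & OFFSET_MASK)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR_LEN + len(payload), ident,
                      flags_frag, 64, proto, 0, src, dst)
    return hdr + payload


def parse_ipv4(packet):
    """Return the fields needed for reassembly from a raw IPv4 packet."""
    (ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:IP_HDR_LEN])
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": src, "dst": dst, "ident": ident, "proto": proto,
            "offset": (flags_frag & OFFSET_MASK) * 8,
            "mf": bool(flags_frag & MF_FLAG), "payload": packet[ihl:total_len]}


def reassemble(fragments):
    """Reassemble one datagram; raise ValueError rather than pass anything ambiguous."""
    frags = sorted((parse_ipv4(p) for p in fragments), key=lambda f: f["offset"])
    keys = {(f["src"], f["dst"], f["ident"], f["proto"]) for f in frags}
    if len(keys) != 1:
        raise ValueError("fragments belong to different datagrams")
    data, expected = bytearray(), 0
    for i, f in enumerate(frags):
        if f["offset"] < expected:
            raise ValueError("overlapping fragment at offset %d" % f["offset"])
        if f["offset"] > expected:
            raise ValueError("gap before offset %d" % f["offset"])
        if f["mf"] and len(f["payload"]) % 8:
            raise ValueError("non-final fragment length is not a multiple of 8")
        if not f["mf"] and i != len(frags) - 1:
            raise ValueError("data after the final fragment")
        data += f["payload"]
        expected += len(f["payload"])
    if frags[-1]["mf"]:
        raise ValueError("final fragment missing")
    src, dst, ident, proto = keys.pop()
    return build_ipv4(src, dst, ident, proto, bytes(data), 0, False)


def fragment(packet, mtu):
    """Split a whole datagram into fragments that fit the outbound MTU."""
    f = parse_ipv4(packet)
    if len(packet) <= mtu:
        return [packet]  # fits as-is; ship it reassembled
    max_payload = ((mtu - IP_HDR_LEN) // 8) * 8  # offsets must be 8-byte aligned
    if max_payload <= 0:
        raise ValueError("MTU too small to carry any fragment")
    payload, out = f["payload"], []
    for off in range(0, len(payload), max_payload):
        chunk = payload[off:off + max_payload]
        more = off + len(chunk) < len(payload)
        out.append(build_ipv4(f["src"], f["dst"], f["ident"], f["proto"], chunk, off // 8, more))
    return out


def forward(fragments, outbound_mtu):
    """Firewall path: reassemble (rejecting malformed sets), then emit per outbound MTU."""
    return fragment(reassemble(fragments), outbound_mtu)


def rejected(fragments):
    """Reason a fragment set would be dropped, or None if it reassembles cleanly."""
    try:
        reassemble(fragments)
        return None
    except ValueError as exc:
        return str(exc)


SRC, DST = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
PAYLOAD = bytes(range(100))
GOOD_FRAGMENTS = [  # contiguous, offsets in 8-byte units
    build_ipv4(SRC, DST, 0x1234, 17, PAYLOAD[0:48], 0, True),
    build_ipv4(SRC, DST, 0x1234, 17, PAYLOAD[48:80], 6, True),
    build_ipv4(SRC, DST, 0x1234, 17, PAYLOAD[80:100], 10, False),
]
OVERLAPPING_FRAGMENTS = [  # second fragment restarts at byte 40, inside the first
    build_ipv4(SRC, DST, 0x1234, 17, PAYLOAD[0:48], 0, True),
    build_ipv4(SRC, DST, 0x1234, 17, PAYLOAD[40:100], 5, False),
]

if __name__ == "__main__":
    for pkt in forward(GOOD_FRAGMENTS, 60):
        f = parse_ipv4(pkt)
        print("offset=%d len=%d mf=%s" % (f["offset"], len(f["payload"]), f["mf"]))
    print("overlap rejected:", rejected(OVERLAPPING_FRAGMENTS))
```

With an outbound MTU of 60 the 120-byte reassembled datagram leaves as three new fragments of 40, 40 and 20 payload bytes; with a 1500-byte MTU it leaves whole. The overlapping set is dropped with a reason string, which is the point of reassembling first: the firewall never has to guess which copy of an overlapped byte the receiving host would keep.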
