Chris Brenton wrote:
> [snip]
> rebuilding a packet does not get you anything because your
> not checking offsets, payload, etc.
How could you not check offsets if you manage to reassemble the packet?
Or are you referring to something else?
Of course, one should also _ensure_ that no fragments overlap, and
that no fragments are delivered out of order. If you don't do that,
you're wide open to nasty things like fragrouting and its ilk. (eww)
> This was pretty obvious if you happened to check out the Inspect script
> release to prevent WinNuke. Scary stuff that is easy to get around. ;)
Nope, no hablo Inspect.
(I'm not a fw-1 user) >:-P
Ahwell. If the core of the firewall doesn't handle reassembly, I
sincerely doubt that Inspect could do it (very efficiently).
Ehmm.. Let's kill this thread now :-)
/Mike
--
Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 �RNSK�LDSVIK
Phone: +46-(0)660-29 92 00 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
