I can't confirm it.
But I can tell you that the statement you describe specifies that if the FW
receives fragmented packages, it will pass them as is, and not perform a
reassembly itself. This is actually pretty logical I'd think, as it is not
the Firewalls job to reassemble packages.
Mike
> -----Original Message-----
> From: paul jones [SMTP:[EMAIL PROTECTED]]
> Sent: a iae 22 2000 7:30
> To: [EMAIL PROTECTED]
> Subject: [FW1] IP Fragment Reassembly
>
>
> Can anyone please confirm that FW1 v4.0 does not pass fragmented
> packets and therefore protects Microsoft hosts from the "IP Fragment
> Reassembly" vulnerability discussed in Microsoft Security Bulletin
> (MS00-029)?
>
> I'm a little confused by the FW1 Architecture & Admin manual
> (1998,p363) which states that "Firewall-1 does not send the reassembled
> packet but rather the fragments as Firewall-1 received them".
>
>
> __________________________________________________
> Do You Yahoo!?
> Send instant messages & get email alerts with Yahoo! Messenger.
> http://im.yahoo.com/
>
>
> ==========================================================================
> ======
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
