From owner-freebsd-security  Thu Jan  6 21:32: 1 2000
Delivered-To: freebsd-security@freebsd.org
Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2])
	by hub.freebsd.org (Postfix) with ESMTP id 17479154A5
	for <freebsd-security@freebsd.org>; Thu,  6 Jan 2000 21:32:00 -0800 (PST)
	(envelope-from jwyatt@rwsystems.net)
Received: from bsdie.rwsystems.net([209.197.223.2]) (927 bytes) by bsdie.rwsystems.net
	via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp
	(sender: <jwyatt@rwsystems.net>) 
	id <m126Rrb-000CC9C@bsdie.rwsystems.net>
	for <freebsd-security@freebsd.org>; Thu, 6 Jan 2000 23:23:03 -0600 (CST)
	(Smail-3.2.0.106 1999-Mar-31 #1 built 1999-Aug-7)
Date: Thu, 6 Jan 2000 23:23:02 -0600 (CST)
From: James Wyatt <jwyatt@rwsystems.net>
To: freebsd-security@freebsd.org
Subject: Ensuring packet defragmentation in FreeBSD?
Message-ID: <Pine.BSF.4.10.10001062317370.24561-100000@bsdie.rwsystems.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I've been looking at sevral programs to help test client setups and
learning how they work. I noticed in the nmap manpage, it states:

	"...this method won't get by packet filters and firewalls that
	queue all IP fragments (like the CONFIG_IP_ALWAYS_DEFRAG option
	in the Linux kernel),..."

Does FreeBSD queue packet fragments and/or reassemble them in a way I can
detect this probing by fragmented packets? Which files should I look in?

Thanks - Jy@



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message