From owner-freebsd-hackers  Mon Aug 19 18:27:27 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id SAA03170
          for hackers-outgoing; Mon, 19 Aug 1996 18:27:27 -0700 (PDT)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id SAA03162
          for <hackers@freebsd.org>; Mon, 19 Aug 1996 18:27:21 -0700 (PDT)
Received: (from danny@localhost) by panda.hilink.com.au (8.7.5/8.7.3) id LAA15553; Tue, 20 Aug 1996 11:27:05 +1000 (EST)
Date: Tue, 20 Aug 1996 11:27:04 +1000 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: michael butler <imb@scgt.oz.au>
cc: hackers@freebsd.org
Subject: Re: Which fragments to discard (was Re: ipfw vs ipfilter)
In-Reply-To: <199608191902.FAA10601@asstdc.scgt.oz.au>
Message-ID: <Pine.BSF.3.91.960820112455.15538B-100000@panda.hilink.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk



On Tue, 20 Aug 1996, michael butler wrote:

> 
> Speaking of which, what follows slid right past my border router :-( This
> evening's (-stable + ipfw) log included ..
> 
> Deny TCP <somehost>:24940 202.14.234.65:26735 Fragment = 34
> Deny TCP <somehost>:30569 202.14.234.65:25451 Fragment = 68
> Deny TCP <somehost>:31008 202.14.234.65:29807 Fragment = 102
> Deny TCP <somehost>:24940 202.14.234.65:26735 Fragment = 34
> Deny TCP <somehost>:30569 202.14.234.65:25451 Fragment = 68
> Deny TCP <somehost>:31008 202.14.234.65:29807 Fragment = 102

Hmm,  Aren't they the kind of fragment offsets you would see from someone 
on a slip link with an MTU of 296?  34*8=272.  Add 20 for IP and you get 
292.  Seems kina harsh to me to refuse to talk to the handicapped.

Danny