Date: Mon, 22 Feb 1999 22:46:55 -0800 (PST) From: Archie Cobbs <archie@whistle.com> To: jonny@jonny.eng.br (Joao Carlos Mendes Luis) Cc: wes@softweyr.com, net@FreeBSD.ORG Subject: Re: IP frags from wcarchive ??? Message-ID: <199902230646.WAA53266@bubba.whistle.com> In-Reply-To: <199902230128.WAA12363@roma.coe.ufrj.br> from Joao Carlos Mendes Luis at "Feb 22, 99 10:28:33 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Joao Carlos Mendes Luis writes: > What would you suggest to my firewall, then ? Allow TCP fragment > packets, even without knowing its port endpoints ? Is this completely > safe ? It's always safe to allow fragments, as long as you properly filter the first fragment, assuming the target machine doesn't contain som inane bug. Any packet that arrives missing its first fragment will eventually get dropped. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199902230646.WAA53266>