From: Archie Cobbs
Message-Id: <199902230646.WAA53266@bubba.whistle.com>
Subject: Re: IP frags from wcarchive ???
In-Reply-To: <199902230128.WAA12363@roma.coe.ufrj.br> from Joao Carlos Mendes Luis at "Feb 22, 99 10:28:33 pm"
To: jonny@jonny.eng.br (Joao Carlos Mendes Luis)
Cc: wes@softweyr.com, net@FreeBSD.ORG
Date: Mon, 22 Feb 1999 22:46:55 -0800 (PST)

Joao Carlos Mendes Luis writes:
> What would you suggest to my firewall, then? Allow TCP fragment
> packets, even without knowing its port endpoints? Is this completely
> safe?

It's always safe to allow fragments, as long as you properly filter
the first fragment, assuming the target machine doesn't contain some
inane bug. Any packet that arrives missing its first fragment will
eventually get dropped.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com
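
The filtering behaviour described in the message above, modelled as an added example that is not part of the original post: a stateless filter checks the port only on the first fragment and passes the rest, and the receiving host discards any datagram whose first fragment never arrives. The blocked port, the 30-second reassembly timeout, the addresses and all function names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

BLOCKED_PORTS = {23}   # assumption: sample policy, deny TCP destination port 23
REASM_TIMEOUT = 30     # assumption: seconds a host keeps an incomplete datagram

@dataclass(frozen=True)
class Frag:
    src: str
    ip_id: int
    offset: int                  # fragment offset, in 8-byte units
    more: bool                   # MF (more fragments) flag
    length: int                  # payload bytes carried by this fragment
    dport: Optional[int] = None  # TCP header is only in the offset-0 fragment

def filter_allows(f):
    """Stateless rule: pass non-first fragments, check the port on the first."""
    if f.offset != 0:
        return True
    return f.dport not in BLOCKED_PORTS

def is_complete(parts):
    """True when the fragments cover the datagram from byte 0 to the last one."""
    expected = 0
    for f in sorted(parts, key=lambda p: p.offset):
        if f.offset * 8 != expected:
            return False         # hole (for example, the first fragment is missing)
        expected += f.length
        if not f.more:
            return True
    return False

def deliver(frags, now):
    """Return (delivered, expired) datagram keys as seen by the end host at time now."""
    queues = {}
    for t, f in frags:
        if filter_allows(f):
            q = queues.setdefault((f.src, f.ip_id), {"first_seen": t, "parts": []})
            q["parts"].append(f)
    delivered = [k for k, q in queues.items() if is_complete(q["parts"])]
    expired = [k for k, q in queues.items()
               if not is_complete(q["parts"]) and now - q["first_seen"] >= REASM_TIMEOUT]
    return delivered, expired

SAMPLE = [  # constructed traffic: (arrival time in seconds, fragment)
    (0, Frag("192.0.2.10", 1, 0, True, 24, dport=80)),
    (0, Frag("192.0.2.10", 1, 3, False, 10)),
    (1, Frag("198.51.100.7", 7, 0, True, 24, dport=23)),  # first fragment, denied
    (1, Frag("198.51.100.7", 7, 3, False, 10)),           # trailing fragment, passed
]
```

Calling `deliver(SAMPLE, now=31)` shows the permitted datagram reassembled and the one whose first fragment was filtered sitting incomplete until the timeout discards it.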