Date: Tue, 23 Feb 1999 08:15:15 -0700
From: Wes Peters <wes@softweyr.com>
To: Archie Cobbs <archie@whistle.com>
Cc: Joao Carlos Mendes Luis <jonny@jonny.eng.br>, net@FreeBSD.ORG
Subject: Re: IP frags from wcarchive ???
Message-ID: <36D2C603.6CDF1DA0@softweyr.com>
References: <199902230646.WAA53266@bubba.whistle.com>

Archie Cobbs wrote:
>
> Joao Carlos Mendes Luis writes:
> > What would you suggest to my firewall, then ? Allow TCP fragment
> > packets, even without knowing its port endpoints ? Is this completely
> > safe ?
>
> It's always safe to allow fragments, as long as you properly
> filter the first fragment, assuming the target machine doesn't
> contain some inane bug. Any packet that arrives missing its
> first fragment will eventually get dropped.
What he said. ;^)
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
http://www.softweyr.com/~softweyr wes@softweyr.com
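
The behaviour described in the quoted reply, as an added example that is not part of the original thread: a stateless filter checks the TCP port only on the first fragment and passes later ones, and the target's reassembly queue discards a datagram whose first fragment never arrives. The function names, the allowed port, the 30-second timeout and the packets are assumptions constructed for this sketch, which keys queues on the IP ident alone and assumes non-overlapping fragments.

```python
import struct
ALLOWED_TCP_PORTS = {80}   # assumed policy for this example
REASSEMBLY_TIMEOUT = 30.0  # seconds; assumed value, real stacks differ

def make_fragment(ident, offset, more, payload):
    """Build a constructed IPv4 fragment (checksum left 0, never validated here)."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                       flags_off, 64, 6, 0, bytes([192, 0, 2, 1]),
                       bytes([192, 0, 2, 2])) + payload

def parse_ipv4(pkt):
    """Return (ident, byte offset, more-fragments flag, protocol, payload)."""
    ihl = (pkt[0] & 0x0F) * 4
    ident, flags_off = struct.unpack("!HH", pkt[4:8])
    return ident, (flags_off & 0x1FFF) * 8, bool(flags_off & 0x2000), pkt[9], pkt[ihl:]

def filter_decision(pkt):
    """Stateless filter: port check on the first fragment, pass later ones."""
    _, offset, _, proto, payload = parse_ipv4(pkt)
    if offset > 0:
        return "pass"  # no TCP header in this fragment, so ports are unknown
    if proto == 6 and len(payload) >= 4:
        dport = struct.unpack("!H", payload[2:4])[0]
        return "pass" if dport in ALLOWED_TCP_PORTS else "drop"
    return "drop"

class Reassembler:
    """Target host's reassembly queue (simplified: keyed by IP ident only)."""
    def __init__(self):
        self.queues = {}
    def receive(self, pkt, now):
        ident, offset, more, _, payload = parse_ipv4(pkt)
        q = self.queues.setdefault(ident, {"seen": now, "parts": {}, "total": None})
        q["parts"][offset] = payload
        if not more:
            q["total"] = offset + len(payload)
        data, pos = b"", 0
        while pos in q["parts"] and q["parts"][pos]:
            data += q["parts"][pos]
            pos += len(q["parts"][pos])
        if q["total"] is not None and pos == q["total"]:
            del self.queues[ident]
            return data  # complete datagram handed to the transport layer
        return None
    def expire(self, now):
        # Discard queues older than the timeout; return the idents dropped.
        old = [i for i, q in self.queues.items() if now - q["seen"] >= REASSEMBLY_TIMEOUT]
        for i in old:
            del self.queues[i]
        return old
```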
