From owner-freebsd-net Tue Feb 23 7:15:40 1999
Delivered-To: freebsd-net@freebsd.org
Received: from obie.softweyr.com (unknown [204.68.178.33])
	by hub.freebsd.org (Postfix) with ESMTP id DCA67117E1
	for ; Tue, 23 Feb 1999 07:15:37 -0800 (PST)
	(envelope-from wes@softweyr.com)
Received: from softweyr.com (zaphod.softweyr.com [204.68.178.35])
	by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id IAA14087;
	Tue, 23 Feb 1999 08:15:15 -0700 (MST)
	(envelope-from wes@softweyr.com)
Message-ID: <36D2C603.6CDF1DA0@softweyr.com>
Date: Tue, 23 Feb 1999 08:15:15 -0700
From: Wes Peters
Organization: Softweyr llc
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.0-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Archie Cobbs
Cc: Joao Carlos Mendes Luis , net@FreeBSD.ORG
Subject: Re: IP frags from wcarchive ???
References: <199902230646.WAA53266@bubba.whistle.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Archie Cobbs wrote:
>
> Joao Carlos Mendes Luis writes:
> > What would you suggest to my firewall, then ? Allow TCP fragment
> > packets, even without knowing its port endpoints ? Is this completely
> > safe ?
>
> It's always safe to allow fragments, as long as you properly
> filter the first fragment, assuming the target machine doesn't
> contain some inane bug. Any packet that arrives missing its
> first fragment will eventually get dropped.

What he said. ;^)

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                            Softweyr LLC
http://www.softweyr.com/~softweyr                     wes@softweyr.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
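The rule discussed in this thread, as an added example that is not part of the original messages: a stateless filter that port-checks only offset-0 fragments, in front of a host reassembly queue, showing that a datagram whose first fragment was filtered never completes and is discarded at timeout. The port policy, the 30-second timeout, the function names and the packets are all assumptions constructed for illustration.

```python
import struct

ALLOWED_TCP_PORTS = {80}   # assumed policy: inbound HTTP only
REASSEMBLY_TTL = 30        # assumed host reassembly timeout, seconds

def fragment(ident, offset, more, payload):
    """Constructed sample: option-less IPv4/TCP fragment, checksum left at 0."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_off,
                       64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

def filter_allows(pkt):
    """Stateless rule: pass non-first fragments, port-check anything at offset 0."""
    ihl = (pkt[0] & 0x0F) * 4
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return True                      # non-first fragment: no ports to inspect
    if pkt[9] != 6 or len(pkt) < ihl + 4:
        return False                     # not TCP, or ports missing from first fragment
    return struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0] in ALLOWED_TCP_PORTS

def receive(queues, pkt, now):
    """Target host: queue a fragment, return the payload once it is complete."""
    ihl = (pkt[0] & 0x0F) * 4
    ident, flags_off = struct.unpack("!HH", pkt[4:8])
    offset, more = (flags_off & 0x1FFF) * 8, bool(flags_off & 0x2000)
    key = (pkt[12:20], pkt[9], ident)    # (src+dst, protocol, IP id)
    q = queues.setdefault(key, {"t0": now, "parts": {}, "total": None})
    q["parts"][offset] = pkt[ihl:]
    if not more:
        q["total"] = offset + len(pkt) - ihl
    data = b""
    while q["parts"].get(len(data)):     # walk contiguous bytes starting at offset 0
        data += q["parts"][len(data)]
    if len(data) != q["total"]:
        return None                      # incomplete, e.g. first fragment never arrived
    del queues[key]
    return data

def expire(queues, now):
    stale = [k for k, q in queues.items() if now - q["t0"] >= REASSEMBLY_TTL]
    for k in stale:
        del queues[k]                    # orphaned fragments are thrown away here
    return len(stale)

def run(packets, now=0):
    """Filter each packet, hand survivors to the host, then let the timer fire."""
    queues = {}
    results = [receive(queues, p, now) for p in packets if filter_allows(p)]
    return [d for d in results if d is not None], expire(queues, now + REASSEMBLY_TTL)
```

`run()` returns the payloads the host delivered and the number of reassembly queues it discarded at timeout.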