Date: Sun, 8 Feb 1998 22:00:53 -0800 (PST)
From: Archie Cobbs <archie@whistle.com>
To: marcs@znep.com (Marc Slemko)
Cc: jonny@coppe.ufrj.br, hackers@FreeBSD.ORG
Subject: Re: ipfw logs ports for fragments
Message-ID: <199802090600.WAA12310@bubba.whistle.com>
In-Reply-To: <Pine.BSF.3.95.980208173653.18733P-100000@alive.znep.com> from Marc Slemko at "Feb 8, 98 05:38:42 pm"

Marc Slemko writes:
> If you don't explicitly tell ipfw to pass frags, it will not. That will
> break some things, but is the safest way.

This is not correct. ipfw will always block fragments whose offset
is one (only seen in attempts to subvert firewalls) but not ordinary
fragments... that would be a serious problem.

> There is no real problem
> (except for possible memory use, etc.) if a host gets fragments for a
> packet; if it doesn't get the first part, it will not do anything with
> them.

This is true.

> See RFC-1858 for a discussion of some of the potential catches to
> fragmentation and firewalls.

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
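
The filter behaviour described in the message above, as an added example (not part of the original e-mail and not ipfw's source): a C classifier that drops fragments with offset one and lets ordinary fragments through. Restricting the drop to TCP follows RFC 1858 and is an assumption here; the function names and the sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { V_MALFORMED, V_NOT_FRAGMENT, V_FIRST_FRAGMENT,
               V_ORDINARY_FRAGMENT, V_DROP_OFFSET_ONE };

#define PROTO_TCP  6
#define IP_MF      0x2000  /* "more fragments" flag */
#define IP_OFFMASK 0x1fff  /* fragment offset, in 8-byte units */

/* Classify a raw IPv4 header by its fragmentation fields only. */
enum verdict classify_fragment(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4 || (pkt[0] & 0x0f) < 5)
        return V_MALFORMED;

    uint16_t ff  = (uint16_t)((pkt[6] << 8) | pkt[7]); /* flags + offset */
    uint16_t off = ff & IP_OFFMASK;

    /* Offset 1 starts at byte 8 of the transport header, inside the TCP
     * header itself; normal fragmentation never produces it. */
    if (off == 1 && pkt[9] == PROTO_TCP)
        return V_DROP_OFFSET_ONE;
    if (off != 0)
        return V_ORDINARY_FRAGMENT;   /* passed like any other packet */
    return (ff & IP_MF) ? V_FIRST_FRAGMENT : V_NOT_FRAGMENT;
}

/* Build a constructed 20-byte IPv4 header with the given flags/offset
 * word and protocol number (all other fields zero except version/TTL). */
void make_header(uint8_t h[20], uint16_t ff, uint8_t proto)
{
    for (int i = 0; i < 20; i++) h[i] = 0;
    h[0] = 0x45;                      /* IPv4, header length 5 words */
    h[6] = (uint8_t)(ff >> 8);
    h[7] = (uint8_t)(ff & 0xff);
    h[8] = 64;                        /* TTL */
    h[9] = proto;
}

int main(void)
{
    static const uint16_t samples[] = { 0x0001, 0x00b9, 0x2000, 0x4000 };
    uint8_t h[20];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        make_header(h, samples[i], PROTO_TCP);
        printf("ff=0x%04x verdict=%d\n", (unsigned)samples[i],
               (int)classify_fragment(h, sizeof h));
    }
    return 0;
}
```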