[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TCP small fragments
In message <BB6D74C75CC76A419B6D6FA7C38317B2628B83@sinett-sbs.SiNett.LAN>, "Vis
hwas Manral" writes:
>Hi Pall,
>
>We are not talking about right implementations of IP fragmentation. We are tal
>king about what firewalls do in case of small fragments hwhich can be caused b
>y an attack.
>
>Are such fragments discarded by the firewall in ISP(is it an option to discard
> it)?
>
The problem is very well known in the firewall community. For that
matter, see RFC 1858, which documents it. I believe that most firewall
products handle it properly.
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb