
Re: TCP small fragments
It is certainly possible with some routers to implement filtering based on packet size. And as we know per RFC that valid packets have a minimum size. So you can do things like filter on 40 byte SYN packets and drop, count, log, etc. However some routers don't do this and will pass any fragment with a MF bit set. This translates into firewall vendors as well. To get the legitimate answer to your question you will need to look at the specific device you are interested in and see how it reacts.

Greg

Steven M. Bellovin wrote:
In message <BB6D74C75CC76A419B6D6FA7C38317B2628B83@sinett-sbs.SiNett.LAN>, "Vishwas Manral" writes:

Hi Pall,

We are not talking about right implementations of IP fragmentation. We are talking about what firewalls do in case of small fragments which can be caused by an attack.

Are such fragments discarded by the firewall in ISP (is it an option to discard it)?

The problem is very well known in the firewall community. For that matter, see RFC 1858, which documents it. I believe that most firewall products handle it properly.

        --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-- <>< Greg Sayadian AOL 703-265-2483
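The thread above refers to RFC 1858, which describes the two checks a filtering device can apply to small TCP fragments: drop a first fragment (offset 0) whose transport portion is too short to carry the TCP flags, and drop any fragment with offset 1, since such a fragment can only exist to overwrite the flags of the first fragment on reassembly. The following is an added example, not code from any poster or product mentioned in the thread. It builds a few constructed IPv4 fragments and applies both RFC 1858 rules to them; the `TMIN` value of 16 bytes is an assumption chosen so that the flags byte (offset 13 in the TCP header) is always present, and the checksum field is left zero since no stack processes these bytes.

```python
import struct

IPPROTO_TCP = 6
IPPROTO_UDP = 17
# Assumed minimum transport length for a first fragment. The TCP flags sit at
# byte 13 of the TCP header, so a first fragment shorter than this cannot be
# inspected for SYN/ACK/RST and is treated as a tiny-fragment evasion attempt.
TMIN = 16


def parse_ipv4(pkt: bytes) -> dict:
    """Extract the fields RFC 1858 filtering needs from a raw IPv4 header."""
    if len(pkt) < 20 or (pkt[0] >> 4) != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4                     # header length in bytes
    total_len = struct.unpack("!H", pkt[2:4])[0]
    flags_frag = struct.unpack("!H", pkt[6:8])[0]
    return {
        "mf": bool(flags_frag & 0x2000),          # More Fragments bit
        "fo": flags_frag & 0x1FFF,                # fragment offset, 8-byte units
        "proto": pkt[9],
        "transport_len": total_len - ihl,         # bytes after the IP header
    }


def rfc1858_verdict(pkt: bytes) -> str:
    """Return 'pass', 'drop-tiny' or 'drop-overlap' for one IPv4 datagram."""
    h = parse_ipv4(pkt)
    if h["proto"] != IPPROTO_TCP:
        return "pass"                             # rules apply to TCP only
    # Rule 1: first fragment must carry enough of the TCP header to be filtered.
    if h["fo"] == 0 and h["transport_len"] < TMIN:
        return "drop-tiny"
    # Rule 2: a fragment at offset 1 (bytes 8..15) can only overwrite the flags
    # of the first fragment during reassembly, so it is never legitimate.
    if h["fo"] == 1:
        return "drop-overlap"
    return "pass"


def build_ipv4(payload: bytes, mf: bool, fo: int, proto: int = IPPROTO_TCP) -> bytes:
    """Construct a minimal IPv4 header (no options, checksum left 0) + payload."""
    flags_frag = (0x2000 if mf else 0) | (fo & 0x1FFF)
    hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0x1234, flags_frag, 64, proto, 0,
        bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]),   # constructed addresses
    )
    return hdr + payload


def filter_stream(pkts) -> dict:
    """Apply the verdict to a sequence of packets and tally the results."""
    counts = {"pass": 0, "drop-tiny": 0, "drop-overlap": 0}
    for p in pkts:
        counts[rfc1858_verdict(p)] += 1
    return counts


# Constructed sample traffic: one full first fragment, one tiny first fragment,
# one offset-1 overlap fragment, one ordinary later fragment, one tiny UDP fragment.
SAMPLE = [
    build_ipv4(b"\x00" * 20, mf=True, fo=0),
    build_ipv4(b"\x00" * 8, mf=True, fo=0),
    build_ipv4(b"\x00" * 8, mf=True, fo=1),
    build_ipv4(b"\x00" * 8, mf=True, fo=2),
    build_ipv4(b"\x00" * 8, mf=True, fo=0, proto=IPPROTO_UDP),
]

if __name__ == "__main__":
    for p in SAMPLE:
        h = parse_ipv4(p)
        print(f"proto={h['proto']:2d} fo={h['fo']} len={h['transport_len']:2d} -> {rfc1858_verdict(p)}")
    print(filter_stream(SAMPLE))
```

Note that rule 2 is what makes the scheme robust: without it, an attacker could send a compliant first fragment and then a second fragment at offset 1 whose bytes overwrite the flags on reassembly, which is exactly the overlap case RFC 1858 calls out. A device that only applies a size threshold, as described earlier in the thread, is still exposed to that variant.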