One small type to correct: -
s / we may have fragmented TCP packets/ we may have fragmented TCP header/
firstname.lastname@example.org [mailto:email@example.com] On Behalf Of
I have been wondering about Tiny Fragments check for TCP for IPv6, as there can be many extension headers between the TCP and the IPv6 standard header, we may have fragmented TCP packets?
The fragmentation I guess does not see if it is fragmenting the inner TCP header or not(which is way inside the packet).
I understood your point about Firewalls. Understand Prof. Bellovian's point also. The point I was trying to make is that it is a malformed packet and IMHO, all malformed packets are suspicious. I believe, Prof. Bellovian published paper on this (not sure). Read it long time ago.
It is a well known technique used by attackers to evade firewalls. All malformed packets are suspicious in my opinion. You get them, can't stop them and some are more harmful than others, in this case crashing hosts.
By the way who said Firewall is a Rock Solid security mechanism, it is something better than nothing kind of thing.
On Feb 16, 2005, at 10:05 AM, Greg Sayadian wrote:
Learn like you will live for ever and Live like you will die tomorrow-Gandhi