In message <BB6D74C75CC76A419B6D6FA7C38317B2628B83@sinett-sbs.SiNett.LAN>, "Vis
hwas Manral" writes:
Hi Pall,
We are not talking about right implementations of IP fragmentation. We are tal
king about what firewalls do in case of small fragments hwhich can be caused b
y an attack.
Are such fragments discarded by the firewall in ISP(is it an option to discard
it)?
The problem is very well known in the firewall community. For that
matter, see RFC 1858, which documents it. I believe that most firewall
products handle it properly.
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb