Fragments

From: gladston@br.ibm.com
Date: Tue Jul 27 2004 - 15:46:41 GMT-3


The following list is from a Cisco example.

access-list 101 deny ip any host 1.1.1.1 fragments
access-list 101 permit tcp any host 1.1.1.1 eq 80
access-list 101 deny ip any any

If a host is accessing server 1.1.1.1 and the communication needs to send fragmented packets, it will not work, right?

Would there be a better solution, one that allows fragments in this case (HTTP to 1.1.1.1) and blocks other fragments?
If I got it right, there is no way to detect if a fragment belongs to the http session.
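
Added example, not part of the original post: a small Python model of how the quoted access-list 101 treats initial and non-initial fragments, following Cisco's documented rules for the `fragments` keyword and for entries carrying Layer 4 information. The `Packet` and `Entry` tuples, `evaluate`, and the sample packets are constructed for illustration; counting the protocol field as part of the Layer 3 match is an assumption of this model.

```python
from collections import namedtuple

# Constructed packet model: dport is None on non-initial fragments,
# because only the first fragment carries the TCP header.
Packet = namedtuple("Packet", "proto dst dport non_initial")
# Constructed ACL entry model: dst None = "any", dport None = no L4 match.
Entry = namedtuple("Entry", "action proto dst dport fragments")

ACL_101 = [
    Entry("deny", "ip", "1.1.1.1", None, True),    # deny ip any host 1.1.1.1 fragments
    Entry("permit", "tcp", "1.1.1.1", 80, False),  # permit tcp any host 1.1.1.1 eq 80
    Entry("deny", "ip", None, None, False),        # deny ip any any
]

def l3_match(e, p):
    # Assumption: protocol counts as L3 information (it sits in the IP header).
    return e.proto in ("ip", p.proto) and e.dst in (None, p.dst)

def evaluate(acl, p):
    for e in acl:
        if not l3_match(e, p):
            continue
        if e.fragments:
            # 'fragments' entries apply only to non-initial fragments.
            if p.non_initial:
                return e.action
            continue
        if e.dport is None:
            return e.action        # L3-only entry applies to every packet
        if p.non_initial:
            # L4 entry against a non-initial fragment: only L3 is comparable.
            if e.action == "permit":
                return "permit"
            continue               # a deny entry falls through to the next line
        if e.dport == p.dport:
            return e.action
    return "deny"                  # implicit deny at the end of the list

# Constructed sample traffic to the server.
HTTP_FIRST = Packet("tcp", "1.1.1.1", 80, False)    # unfragmented or first fragment
TCP_LATER = Packet("tcp", "1.1.1.1", None, True)    # later fragment, port unknown
TELNET_FIRST = Packet("tcp", "1.1.1.1", 23, False)

if __name__ == "__main__":
    for name, acl in (("as posted", ACL_101), ("without line 1", ACL_101[1:])):
        for pkt in (HTTP_FIRST, TCP_LATER, TELNET_FIRST):
            print(name, pkt, evaluate(acl, pkt))
```

In this model the later fragment looks the same whichever port its first fragment was sent to, so line 2 alone permits every non-initial TCP fragment to the server, while the list as posted drops them all.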


