Re: fragments Keyword Scenarios

From: Chris Broadway (midatlanticnet@gmail.com)
Date: Tue Sep 05 2006 - 15:15:48 ART


The two links to the past conversations did not provide a definite answer.
Kinda like now. The RFC gave great "in the weeds" information about
fragment attacks. But, the RFC also gave a "real world" perspective on
fragment attacks and not a CCIE LAB perspective. For example, the RFC
states:

"Since "interesting" packet information is contained in the
headers at the beginning, filters are generally applied only to the
first fragment. Non-first fragments are passed without filtering,
because it will be impossible for the destination host to complete
reassembly of the packet if the first fragment is missing, and
therefore the entire packet will be discarded."

This is not meeting the requirement of the original task in this discussion,
to stop all fragments. But it does leave me with the same confusing
question... how do you stop initial fragments?

-Broadway
This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:39 ART