From: Antonio Soares (amsoares@netcabo.pt)
Date: Fri Sep 07 2007 - 09:46:30 ART
I found a good document on the subject. Check it out:
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800949b8.shtml
Regards,
Antonio Soares
CCIE #18473, CCNP, CCIP
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Mark
Turner
Sent: Thursday, September 6, 2007 22:14
To: Cisco certification
Subject: ACL fragment blocking
Hello,
After going through the DOC CD and previous group study posts I am still
unclear about matching fragments in an ACL. Assume that a web server with
the IP address 172.16.1.1 is receiving bad TCP fragments and you want to
block them and allow all other traffic. From what I have read, by using the
fragment keyword, only non-initial fragments are filtered. The first
fragment of a packet (packets that aren't filtered) won't match this
condition. Does the below config meet the requirement of blocking bad TCP
fragments?
access-list 100 deny ip any host 172.16.1.1 fragments
access-list 100 permit any any
Thanks,
Mark
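
The matching rule discussed in this thread, as an added example that is not part of the original messages: a small Python model of how an extended ACL entry with and without the fragments keyword treats initial and non-initial fragments, run against the posted ACL and, going one step beyond the post, against an entry that carries a layer 4 port. The names Packet, Ace, evaluate, ACL_100 and ACL_L4 are hypothetical, the packets are constructed, and the second posted line is read as "permit ip any any" (an assumption).

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:                        # constructed sample packet, not captured traffic
    dst: str
    frag_offset: int = 0             # > 0 means a non-initial fragment
    dst_port: Optional[int] = None   # L4 header exists only when frag_offset == 0

@dataclass
class Ace:                           # one access-list entry (simplified model)
    action: str                      # "permit" or "deny"
    dst: str = "any"
    dst_port: Optional[int] = None   # None: entry carries layer 3 information only
    fragments: bool = False          # entry ends with the fragments keyword

def evaluate(acl, pkt):
    """Return the action of the first entry that matches, else the implicit deny."""
    non_initial = pkt.frag_offset > 0
    for ace in acl:
        if ace.dst not in ("any", pkt.dst):
            continue                 # layer 3 information does not match
        if ace.fragments:
            if non_initial:
                return ace.action    # fragments entries match non-initial fragments only
            continue                 # unfragmented packets and first fragments fall through
        if ace.dst_port is None:
            return ace.action        # L3-only entry matches every kind of packet
        if non_initial:
            # No L4 header to compare: a permit applies on the L3 match alone,
            # a deny is skipped and the next entry is processed.
            if ace.action == "permit":
                return "permit"
            continue
        if pkt.dst_port == ace.dst_port:
            return ace.action
    return "deny"

# The ACL from the post, second line read as "permit ip any any" (assumption).
ACL_100 = [Ace("deny", dst="172.16.1.1", fragments=True), Ace("permit")]
# Beyond the post: an L4 permit with no fragments entry in front of it.
ACL_L4 = [Ace("permit", dst="172.16.1.1", dst_port=80), Ace("deny")]

if __name__ == "__main__":
    for name, acl in (("ACL_100", ACL_100), ("ACL_L4", ACL_L4)):
        for pkt in (Packet("172.16.1.1", 0, 80), Packet("172.16.1.1", 185)):
            print(name, pkt, "->", evaluate(acl, pkt))
```

In this model the posted ACL drops every non-initial fragment sent to 172.16.1.1, well-formed or not, while first fragments and unfragmented packets reach the permit line.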
This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:10 ART