Fragmented/initially fragmented packets

From: N P (np643237@gmail.com)
Date: Wed Jan 09 2008 - 15:37:19 ARST

• Next message: wim.depauw@getronics.com: "Frame-relay bridging issue"
• Previous message: Gaurav Prakash: "Re: MQC-Based Frame Relay Traffic Shaping"
• Next in thread: Gupta, Gopal (NWCC): "RE: Fragmented/initially fragmented packets"
• Maybe reply: Gupta, Gopal (NWCC): "RE: Fragmented/initially fragmented packets"
• Maybe reply: nhatphuc: "Re: Fragmented/initially fragmented packets"
• Maybe reply: Bajo: "Re: Fragmented/initially fragmented packets"
• Maybe reply: N P: "RE: Fragmented/initially fragmented packets"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Group,

I know that to prevent Dos attacks involving fragmented packets can be
stopped by the following ACL.

Ip access-list ext DENY_DOS

Deny ip any any fragmented

Permit ip any any

I also understand this will only permit non fragmented packets and initially
fragmented packets. Now my question is, how do we differentiate fragmented
and initially fragmented packets? I am confused.

Regards,

N P

• Next message: wim.depauw@getronics.com: "Frame-relay bridging issue"
• Previous message: Gaurav Prakash: "Re: MQC-Based Frame Relay Traffic Shaping"
• Next in thread: Gupta, Gopal (NWCC): "RE: Fragmented/initially fragmented packets"
• Maybe reply: Gupta, Gopal (NWCC): "RE: Fragmented/initially fragmented packets"
• Maybe reply: nhatphuc: "Re: Fragmented/initially fragmented packets"
• Maybe reply: Bajo: "Re: Fragmented/initially fragmented packets"
• Maybe reply: N P: "RE: Fragmented/initially fragmented packets"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:58 ARST