From: Bajo (bajoalex@gmail.com)
Date: Thu Jan 10 2008 - 05:45:44 ARST
Hi NP,
The short answer is IOS checks the fragment offset (FO).
Layer 3 and Layer 4 headers are involved in the ACL processing.
Check http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800949b8.shtml
On 1/9/08, N P <np643237@gmail.com> wrote:
> Hi Group,
>
> I know that DoS attacks involving fragmented packets can be
> stopped by the following ACL.
>
> ip access-list extended DENY_DOS
>  deny ip any any fragments
>  permit ip any any
>
> I also understand this will only permit non-fragmented packets and initially
> fragmented packets. Now my question is, how do we differentiate fragmented
> and initially fragmented packets? I am confused.
>
> Regards,
>
> N P
--
Kind Regards,
Bajo
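
The fragment-offset check described in the reply, as an added example that is not part of the original thread or Cisco's code. The function names and sample headers are constructed for illustration, and `acl_action` assumes the documented behaviour of the `fragments` keyword (it matches only packets with a non-zero fragment offset).

```python
import struct

MF_FLAG = 0x2000   # "more fragments" bit in the 16-bit flags/offset field
FO_MASK = 0x1FFF   # 13-bit fragment offset (FO), counted in 8-byte units

def build_header(mf: bool, fo: int) -> bytes:
    """Constructed 20-byte IPv4 header (documentation addresses, checksum 0)."""
    flags_fo = (MF_FLAG if mf else 0) | (fo & FO_MASK)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, flags_fo,
                       64, 17, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))

def classify(header: bytes) -> str:
    """Classify an IPv4 packet from its MF flag and fragment offset."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    (flags_fo,) = struct.unpack_from("!H", header, 6)
    fo = flags_fo & FO_MASK
    if fo != 0:
        # Any non-zero offset means the Layer 4 header is not in this packet.
        return "non-initial fragment"
    # FO == 0: the Layer 4 header is present; MF says whether more follow.
    return "initial fragment" if flags_fo & MF_FLAG else "unfragmented"

def acl_action(header: bytes) -> str:
    """Model of DENY_DOS: 'deny ip any any fragments', then 'permit ip any any'."""
    return "deny" if classify(header) == "non-initial fragment" else "permit"

if __name__ == "__main__":
    samples = {
        "whole packet (MF=0, FO=0)": build_header(False, 0),
        "first fragment (MF=1, FO=0)": build_header(True, 0),
        "middle fragment (MF=1, FO=185)": build_header(True, 185),
        "last fragment (MF=0, FO=370)": build_header(False, 370),
    }
    for name, hdr in samples.items():
        print(f"{name:32} {classify(hdr):22} {acl_action(hdr)}")
```

The last fragment has MF=0, so the MF flag alone cannot separate it from an unfragmented packet; the non-zero offset is what identifies it.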