Great Circle Associates Firewalls
(March 1996)
 


Subject: Re: IP fragments and packet filters
From: Bill Conaway <Bill_Conaway @ iongate . staff . ichange . com>
Date: Fri, 01 Mar 1996 09:37:05 -0400 (EDT)
To: "Charles B. Kaplan" <cbk @ starbase . ingress . com>
Cc: Firewalls <Firewalls @ GreatCircle . COM>

Charles B. Kaplan wrote:
> 
> >The only time you're ever likely to see a packet with FO=1 is if a bad guy is
> >knocking at your door.
> 
> Would there ever be exceptions to this that would stem from the passing of
> data long distance, and thus forcing the data into a bigger pipe (say an ATM
> link cross country), and then back out of the pipe, possibly becoming
> fragmented?

See rfc1858, "Security Considerations for IP Fragment Filtering".

-- 
Eric V. Smith           | Some for renown on scraps of learning dote,
EricSmith @ windsor . com   |  And think they grow immortal as they quote.
Windsor Software Corp   +----------------------------------+ Edward Young
http://www.windsor.com/   Windows NT, Unix, SQL Server     |  English poet
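
The FO=1 check discussed in this thread, as an added example that is not part of the original message: it applies the two TCP checks given in RFC 1858 (drop when FO=1 and the protocol is TCP; drop a first fragment whose transport data is shorter than tmin) to constructed IPv4 packets. The function names, the sample addresses and the value tmin = 16 are assumptions made here.

```python
import struct

PROTO_TCP, PROTO_UDP = 6, 17
TMIN = 16  # assumption: enough TCP header to cover the flags octet (offset 13)

def build_ipv4(proto, frag_offset, more_frags, payload):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) plus payload."""
    flags_fo = (0x2000 if more_frags else 0) | (frag_offset & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, flags_fo,
                      64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + payload

def rfc1858_verdict(packet):
    """Return 'drop' or 'pass' for one IPv4 packet."""
    if len(packet) < 20:
        return "drop"                       # truncated IP header
    ver_ihl, _, total_len, _, flags_fo, _, proto = struct.unpack("!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        return "drop"                       # malformed header or lengths
    fo = flags_fo & 0x1FFF                  # fragment offset in 8-octet units
    if proto != PROTO_TCP:
        return "pass"                       # these checks are TCP-specific
    if fo == 1:
        return "drop"                       # indirect check: FO=1 and PROTOCOL=TCP
    if fo == 0 and total_len - ihl < TMIN:
        return "drop"                       # direct check: tiny first fragment
    return "pass"

def demo():
    """Verdicts for constructed packets, keyed by description."""
    samples = {
        "unfragmented TCP segment": build_ipv4(PROTO_TCP, 0, False, bytes(20)),
        "tiny first TCP fragment (8 octets)": build_ipv4(PROTO_TCP, 0, True, bytes(8)),
        "TCP fragment with FO=1": build_ipv4(PROTO_TCP, 1, False, bytes(12)),
        "TCP fragment with FO=185": build_ipv4(PROTO_TCP, 185, False, bytes(100)),
        "UDP fragment with FO=1": build_ipv4(PROTO_UDP, 1, False, bytes(12)),
    }
    return {name: rfc1858_verdict(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:5} {name}")
```

The FO=185 sample is the offset a second fragment carries after fragmentation to a 1500-octet MTU with a 20-octet IP header (1480 / 8), so it passes the filter while FO=1 does not.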

