At 11:57 25/06/97 -0400, you wrote:
>In what way is the solution in RFC 1858 flawed?
It states (section 3.2.2) "The indirect method relies on the observation
that when a TCP packet is fragmented so as to force 'interesting' header
fields out of the zero-offset fragment, there must exist a fragment with FO
equal to 1."
This is "observation" true where the fragments have been generated from a
complete packet by a spec. conforming IP stack. However this isn't
necessarily true of a hacked IP stack. As such it is unsafe to rely on this.
>Is there a discussion of this anywhere I could look at?
Archives of this list, March 1996, subject "IP fragmentation attacks".