Great Circle Associates Firewalls
(December 1995) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Filtering fragmented IP frames
From: mulligan @ future . incog . com
Date: Thu, 07 Dec 1995 21:28:52 -0700
To: Paul Traina <pst @ cii . org>
Cc: alexf @ is . net (Alex Filacchione), Patrick Drolet <pdrolet @ CyberSecure . Com>, firewalls @ GreatCircle . COM
In-reply-to: Your message of "Thu, 07 Dec 1995 14:27:26 PST." <199512072227 . OAA27112 @ puli . cisco . com>
Reply-to: mulligan @ incog . com 
screend doesn't do any reassembly.  It does have a fragment cache so
that it can drop or pass fragment trailers if it dropped or passed the
fragment leader.  This keeps you from wasting bandwidth with fragements
that wont reassemble and the associated icmp errors and the end system
resources and closes a possible communications channel of just passing
fragment tailers but it doesn't really help in the fragment filtering
problem. 

	geoff
Indexed By Date Previous: Remote dialin IP encryption products?
From: "Richard Basch" <basch @ lehman . com>
Next: Re: Remote dialin IP encryption products?
From: Dave Mischler <mischler @ eagle . wd . cubic . com>
Indexed By Thread Previous: Re: Filtering fragmented IP frames
From: Tom Fitzgerald <fitz @ wang . com>
Next: Re: etcp missing from ftp
From: Darren Reed <avalon @ coombs . anu . edu . au>
Google
 
Search Internet Search www.greatcircle.com