Great Circle Associates Firewalls
(November 1996)
 


Subject: Re: Killer Pings: sanity check
From: "Kevin M. Lahey" <kml @ nas . nasa . gov>
Date: Fri, 15 Nov 1996 17:14:44 -0800
To: firewalls @ greatcircle . com

In Firewalls-Digest V5 #622, Peter Maersk-Moller writes:
>No simple device (like a gateway) can remove the problem by doing sanity
>check. To do that it would have to keep track of all packets in all
>connections. This is not feasible without using a lot of both RAM
>and processing power. Worst of all, it will introduce unacceptable latency.

Why not just look at the fragment offset + length?  If the sum is
less than 65535, the fragment is okay.  Or am I missing something?

Good luck,

Kevin
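
The per-fragment check suggested in the message above, as an added example that is not part of the original post: it reads only one packet's IPv4 header and keeps no reassembly state. The function names, the verdict enum and the sample header values are constructed for illustration, and the boundary (accept when offset plus length does not exceed 65535, the largest 16-bit Total Length value) is this example's assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP_MAX_DATAGRAM 65535u  /* largest value of the 16-bit Total Length field */

enum frag_verdict { FRAG_OK = 0, FRAG_MALFORMED = 1, FRAG_OVERSIZE = 2 };

/* Stateless check on one IPv4 packet; pkt points at the IP header.
 * Only this packet's header fields are read, no per-connection state. */
enum frag_verdict check_fragment(const uint8_t *pkt, size_t caplen)
{
    if (caplen < 20 || (pkt[0] >> 4) != 4)
        return FRAG_MALFORMED;

    uint32_t ihl       = (uint32_t)(pkt[0] & 0x0f) * 4;     /* header bytes */
    uint32_t total_len = ((uint32_t)pkt[2] << 8) | pkt[3];  /* header + payload */
    uint32_t frag_off  = ((((uint32_t)pkt[6] << 8) | pkt[7]) & 0x1fff) * 8;

    if (ihl < 20 || total_len < ihl || caplen < ihl)
        return FRAG_MALFORMED;

    /* End of this fragment in the reassembled datagram:
     * header + offset + payload == frag_off + total_len (own header length used). */
    if (frag_off + total_len > IP_MAX_DATAGRAM)
        return FRAG_OVERSIZE;
    return FRAG_OK;
}

/* Constructed sample input: minimal 20-byte header, offset in 8-byte units. */
enum frag_verdict verdict_for(uint16_t total_len, uint16_t off_units, int more_frags)
{
    uint8_t hdr[20] = {0};
    uint16_t fo = (uint16_t)((off_units & 0x1fff) | (more_frags ? 0x2000 : 0));
    hdr[0] = 0x45;                      /* version 4, IHL 5 */
    hdr[2] = (uint8_t)(total_len >> 8); hdr[3] = (uint8_t)total_len;
    hdr[6] = (uint8_t)(fo >> 8);        hdr[7] = (uint8_t)fo;
    hdr[8] = 64; hdr[9] = 1;            /* TTL, protocol ICMP */
    return check_fragment(hdr, sizeof hdr);
}

int main(void)
{
    printf("unfragmented 84-byte packet:      %d\n", verdict_for(84, 0, 0));
    printf("offset 65512, length 23 (at max): %d\n", verdict_for(23, 8189, 0));
    printf("offset 65512, length 1500:        %d\n", verdict_for(1500, 8189, 0));
    return 0;
}
```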
