BJ Rice wrote:
>
> Actually the PIX by default will allow fragmented packets.

That's not very nice of it. :-)

> This can be a vulnerability for the PIX. A good policy is to
> enable FragGuard on the PIX. This ensures the PIX sees the
> entire segmented packet before letting it pass through its
> outside interface.

That wasn't the question, though. The question is will the PIX fragment packets? It acts more or less like a router, doesn't it? If a 1500 byte packet came in and needed to be forwarded to an interface that has only a 500 byte MTU, would the PIX fragment? Maybe it's not an issue because MTUs usually match on PIX interfaces? But they don't necessarily match and they can be changed.

Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61632&t=61441

