Todd wrote:
>
> while it is empirically true that fragmentation (or more specifically
> reassembly of fragments) has been a weak point in IP stacks, it really
> shouldn't be.
The problem is not always the IP stack. For example, in the case of
Checkpoint (given the subject line I assume this is what started the
thread ;) the problem was:
A) No rule processing prior to reassembly, so DoS traffic can originate
from anywhere
B) The method of logging generated a unique log entry for every fragment,
thus increasing CPU and disk load
> RFC815 outlines a very clear and very simple algorithm for correct (and
> efficient) reassembly.
I think it's the old "why address it till it's a real problem?" kind of
thing. We saw the same thing with the SYN pool a few years back. People
knew it was a problem; it was just not addressed until attack tools were
created in order to exploit it.
HTH,
Chris
--
**************************************
[EMAIL PROTECTED]
* Mastering Cisco Routers
http://www.amazon.com/exec/obidos/ASIN/078212643X/
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
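Added example (not code from the original thread, and not Check Point's implementation): the RFC 815 hole-descriptor algorithm Todd refers to, wrapped in a reassembly table that applies the two fixes Chris's points A and B imply, namely admission control per source before any reassembly state is allocated, and one log line per datagram instead of one per fragment. Offsets are plain byte offsets for readability (real IPv4 fragments carry them in 8-byte units), the limits are illustrative assumptions, and a production table would also need a per-datagram timeout, which is left out here.

```python
"""RFC 815 reassembly with resource bounds and per-datagram logging (added example)."""
from dataclasses import dataclass, field
from typing import Optional

INFINITY = 1 << 17  # beyond any IPv4 datagram length (65535), as RFC 815 suggests


class ReassemblyError(Exception):
    pass


@dataclass
class Datagram:
    """Reassembly state for one (src, dst, id) tuple: RFC 815 hole list plus buffer."""
    holes: list = field(default_factory=lambda: [(0, INFINITY)])
    buf: bytearray = field(default_factory=bytearray)
    fragments: int = 0
    total_len: Optional[int] = None

    def add(self, first: int, last: int, more: bool, payload: bytes) -> bool:
        """RFC 815 steps 1-8 for a fragment covering bytes first..last inclusive.
        Returns True when no holes remain, i.e. the datagram is complete."""
        if len(payload) != last - first + 1:
            raise ReassemblyError("payload length does not match offsets")
        self.fragments += 1
        new_holes = []
        for hfirst, hlast in self.holes:
            # Steps 2-3: fragment does not touch this hole, keep the hole as is.
            if first > hlast or last < hfirst:
                new_holes.append((hfirst, hlast))
                continue
            # Step 4: the hole is (partly) filled; keep only what is left of it.
            if first > hfirst:            # step 5: gap remains before the fragment
                new_holes.append((hfirst, first - 1))
            if last < hlast and more:     # step 6: gap after it, unless this is the last fragment
                new_holes.append((last + 1, hlast))
        self.holes = new_holes
        if len(self.buf) < last + 1:
            self.buf.extend(bytes(last + 1 - len(self.buf)))
        self.buf[first:last + 1] = payload  # overlapping fragments: later data overwrites
        if not more:
            self.total_len = last + 1
        return not self.holes

    def data(self) -> bytes:
        return bytes(self.buf[:self.total_len])


@dataclass
class ReassemblyTable:
    """Reassembly keyed by (src, dst, id) with illustrative (assumed) limits."""
    max_fragments_per_datagram: int = 64   # assumption, not an RFC value
    max_pending_per_source: int = 16       # assumption, not an RFC value
    table: dict = field(default_factory=dict)
    pending: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def _release(self, key, src):
        self.table.pop(key, None)
        self.pending[src] -= 1

    def receive(self, src, dst, ident, first, last, more, payload):
        """Feed one fragment; return the reassembled payload when complete, else None."""
        key = (src, dst, ident)
        if key not in self.table:
            # Point A: apply a per-source rule before allocating reassembly state,
            # so one source cannot fill the table with half-finished datagrams.
            if self.pending.get(src, 0) >= self.max_pending_per_source:
                self.log.append(f"DROP src={src} id={ident} reason=too-many-pending")
                return None
            self.pending[src] = self.pending.get(src, 0) + 1
            self.table[key] = Datagram()
        dg = self.table[key]
        if dg.fragments >= self.max_fragments_per_datagram:
            self._release(key, src)
            self.log.append(f"DROP src={src} id={ident} reason=fragment-limit")
            return None
        try:
            complete = dg.add(first, last, more, payload)
        except ReassemblyError as exc:
            self._release(key, src)
            self.log.append(f"DROP src={src} id={ident} reason={exc}")
            return None
        if not complete:
            return None  # Point B: no log entry per fragment
        self._release(key, src)
        self.log.append(f"REASSEMBLED src={src} id={ident} "
                        f"fragments={dg.fragments} bytes={dg.total_len}")
        return dg.data()


if __name__ == "__main__":
    # Constructed input: a 24-byte datagram delivered last fragment first.
    t = ReassemblyTable()
    body = bytes(range(24))
    t.receive("10.0.0.1", "10.0.0.2", 7, 16, 23, False, body[16:24])
    t.receive("10.0.0.1", "10.0.0.2", 7, 0, 7, True, body[0:8])
    print(t.receive("10.0.0.1", "10.0.0.2", 7, 8, 15, True, body[8:16]) == body, t.log)
```

The hole list starts as a single hole covering every possible offset, and each fragment either leaves a hole untouched or replaces it with the pieces that remain on either side; completion is simply "no holes left", which is why the last fragment can arrive first without any special casing. The table deliberately makes its drop decisions before touching the per-datagram state and emits a single summary line per datagram, which is the shape of fix the two problems above call for.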