On Thu, 13 Sep 2001, Bernd Eckenfels wrote:
> It is all about Fragments which are big enough to carry the ip-level
> information. Those fragments of course can easily be routed by
> routers. The only thing which is not possible is to look at the TCP or
> UDP Level info like port numbers.
Or worse yet, fragment offsets that go back and change that information.
> Personally I think you won't find small fragments live on the internet
> (smaller than 128bytes). So it is safe to drop them like most filters do.
There are some satellite links with MTUs smaller than 128 bytes (I
think 64). Though I doubt they carry Internet traffic, it's always possible,
so I think that it's good to consider this further. I'm also not sure
that you won't find final fragments smaller than 128 bytes.
FO=0 packets less than some low value like 64 or 128 is probably
reasonable.
Paul
---------------------------------------------------------------------------
Paul D. Robertson #rm -rf /bin/laden
_______________________________________________
Firewalls mailing list
http://lists.gnac.net/mailman/listinfo/firewalls
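The two filter rules discussed in this message, a minimum size for offset-zero fragments and rejection of fragments whose offset lands inside the transport header, as an added example (not code from the thread or any named firewall). The 128-byte threshold and the 20-byte TCP header length are assumptions chosen for illustration; the packets are constructed inline.

```python
import struct

# Assumed policy values (the thread suggests 64 or 128 for the first one).
MIN_FIRST_FRAG_LEN = 128   # smallest acceptable FO=0 fragment, in bytes
TRANSPORT_HDR_LEN = 20     # bytes of TCP header a port filter relies on


def parse_ipv4(pkt: bytes) -> dict:
    """Pull the fragmentation fields out of an IPv4 header (RFC 791 layout)."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", pkt[:10])
    return {
        "ihl": (ver_ihl & 0x0F) * 4,
        "total_len": total_len,
        "proto": proto,
        "mf": bool(flags_frag & 0x2000),        # More Fragments flag
        "offset": (flags_frag & 0x1FFF) * 8,    # offset is carried in 8-byte units
    }


def fragment_verdict(pkt: bytes) -> str:
    """Return 'accept' or a 'drop:<reason>' string for one IPv4 packet."""
    h = parse_ipv4(pkt)
    if not h["mf"] and h["offset"] == 0:
        return "accept"                          # not a fragment at all
    if h["offset"] == 0 and len(pkt) < MIN_FIRST_FRAG_LEN:
        # A tiny first fragment may not even carry the port numbers.
        return "drop:tiny-first-fragment"
    if 0 < h["offset"] < TRANSPORT_HDR_LEN:
        # A later fragment whose data starts inside the transport header would
        # overwrite fields (ports, flags) that the first fragment already showed.
        return "drop:overlaps-transport-header"
    return "accept"


def build_ipv4(total_len: int, mf: bool, offset_bytes: int, proto: int = 6) -> bytes:
    """Constructed test packet: 20-byte header plus a zero-filled payload."""
    flags_frag = (0x2000 if mf else 0) | (offset_bytes // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, flags_frag, 64,
                      proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + b"\x00" * (total_len - 20)


if __name__ == "__main__":
    for desc, p in [("plain", build_ipv4(60, False, 0)),
                    ("tiny first", build_ipv4(40, True, 0)),
                    ("normal first", build_ipv4(576, True, 0)),
                    ("offset 8", build_ipv4(60, False, 8)),
                    ("offset 1480", build_ipv4(60, False, 1480))]:
        print(f"{desc:13s} -> {fragment_verdict(p)}")
```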