Paul,
Port 25 is the server port for smtp. the other is the client port
(19352).
IP allows fragmentation into pieces so small as to be impractical
because of overhead.
Somtimes, attackers can exploit typical filter behavior and the
ability to create peculiar
fragment sequences in order to sneak otherwise disallowed packets
past the filter.
In normal practice, such pathalogical fragmentation is never used,
so it is safe to drop these fragments
without danger of preventing normal operation.
piranha...
> -----Original Message-----
> From: Paul Wentland [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 25, 2002 1:01 PM
> To: 'Firewall'
> Subject: Bad IP Fragment Offset
>
> Hello,
> Since Sunday night our firewall is showing following logs:
>
> IP packet dropped (212.107.15.161->208.38.37.234: Protocol=TCP[ACK] Port
> 19352->25): Bad IP Fragment Offset: 0x2000 (received on interface
> 208.38.37.234)
>
> We do allow SMTP traffic on the firewall. The ports from are different.
> What those guy's are trying to do?
>
> Thanks a lot, in advance.
>
> Paul
>
>
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
