I don't know if FW1 will pass already-fragmented packets, but I have seen it fragment packets when the additional overhead of encryption caused large packets to be larger than the max MTU for Ethernet.
-PaulK
*********************************************
Paul Keser
Network Security Engineer
[EMAIL PROTECTED]
tel: 415.351.4037
fax: 415.474.6017
ShopExpert.com
1375 Sutter Street, Suite 400
San Francisco, CA 94109
*********************************************
> -----Original Message-----
> From: Paul Jones [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, May 21, 2000 10:30 PM
> To: [EMAIL PROTECTED]
> Subject: [FW1] IP Fragment Reassembly
>
>
>
> Can anyone please confirm that FW1 v4.0 does not pass fragmented
> packets and therefore protects Microsoft hosts from the "IP Fragment
> Reassembly" vulnerability discussed in Microsoft Security Bulletin
> (MS00-029)?
>
> I'm a little confused by the FW1 Architecture & Admin manual
> (1998, p363) which states that "Firewall-1 does not send the
> reassembled packet but rather the fragments as Firewall-1
> received them".
