Frederic NAKHLE wrote:
> 
> I'm ok. But it's maybe possible to block it with RealSecure and OPSEC
> configuration and block the source IP, for example.
> Can you give me your opinion?

Two major problems with this.  

First of all, RealSecure is currently only capable of detecting a
particular type of fragment overlap attack.  Its handling of
fragmentation is otherwise non-existent.

Second, as Lance describes in his advisory, the firewall rulebase cannot
protect the firewall itself from this attack even if RealSecure could
detect it.

-paul

