On May 27, 2009, Suresh Krishnan wrote:
Firewalls may or may not reassemble fragments, and I am not sure
what to
put in here. If you can suggest some text to put in this paragraph, I
will be glad to add it to the document.
Suresh -
My suggestion is not about fragment reassembly in firewalls, but rather
about adding guidance to the document of when it is safe for a firewall
to drop overlapping fragments.
Given the apparent absence of overlapping fragments in legitimate
traffic, it would be safe, hence recommended, for firewalls to drop
overlapping fragments.
Hope this helps.
- Christian
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------