Hi Vishwas,
Vishwas Manral wrote:
Hi Suresh,
So are you suggesting the non-last fragment size of less than 1280,
example 1200.
Not exactly, but I think this should be administratively configurable.
(1200 is a nice round number though :-)
I still have a doubt on this one. Can we state that
Hi.
Section 2.1.11 of the Security Overview draft
(http://www.ietf.org/internet-drafts/draft-ietf-v6ops-security-overview-06.txt)
discusses the 'tiny fragment' problem and tries to reflect Vishwas'
original concerns on tiny fragments (see the acknowledgments). After
some discussion on the ma
Hi Suresh,
So are you suggesting the non-last fragment size of less than 1280,
example 1200.
I still have a doubt on this one. Can we state that the first fragment
should have the complete TCP/ UDP headers? I find this essential for
the case of stateless filtering, which are easier to do at line
Hi,
Jun-ichiro itojun Hagino 2.0 wrote:
my take on this is that, for non-final fragment, the packet size must
not be smaller than 1280 bytes. there's no valid use for smaller
fragments (unless you have special network with MTU < 1280).
I tend to disagree. I do think th
> > my take on this is that, for non-final fragment, the packet size must
> > not be smaller than 1280 bytes. there's no valid use for smaller
> > fragments (unless you have special network with MTU < 1280).
> I agree to the solution. If we get more people talking about the need
> for this, we
ought up the issue of
> http://tools.ietf.org/html/draft-manral-v6ops-tiny-fragments-issues-02 .
>
> I would want to know if this issue needs to looked further by IPv6.
my take on this is that, for non-final fragment, the packet size must
not be smaller than 1280 bytes. the
> At the time of bringing up the amplification attacks i had also
> brought up the issue of
> http://tools.ietf.org/html/draft-manral-v6ops-tiny-fragments-issues-02 .
>
> I would want to know if this issue needs to looked further by IPv6.
my take on this is that, for non
Hi,
At the time of bringing up the amplification attacks i had also
brought up the issue of
http://tools.ietf.org/html/draft-manral-v6ops-tiny-fragments-issues-02 .
I would want to know if this issue needs to looked further by IPv6.
Thanks,
Vishwas