Date:      Tue, 20 Aug 1996 05:02:43 +1000 (EST)
From:      michael butler <imb@scgt.oz.au>
To:        archie@whistle.com (Archie Cobbs)
Cc:        hackers@freebsd.org
Subject:   Re: Which fragments to discard (was Re: ipfw vs ipfilter)
Message-ID:  <199608191902.FAA10601@asstdc.scgt.oz.au>
In-Reply-To: <199608190232.TAA26469@bubba.whistle.com> from "Archie Cobbs" at Aug 18, 96 07:32:46 pm

Archie Cobbs writes:

> > Poul-Henning Kamp writes:
> > : This is a common mistake, only offset==1 needs to be discarded.
 
> > Hmmm, since there are no comments in ip_fw.c as to why only offset 1
> > is a problem, I'll have to ask here.  Why is that?
 
> RFC 1858 supposedly explains why.

Speaking of which, what follows slid right past my border router :-( This
evening's (-stable + ipfw) log included ..

Deny TCP <somehost>:24940 202.14.234.65:26735 Fragment = 34
Deny TCP <somehost>:30569 202.14.234.65:25451 Fragment = 68
Deny TCP <somehost>:31008 202.14.234.65:29807 Fragment = 102
Deny TCP <somehost>:24940 202.14.234.65:26735 Fragment = 34
Deny TCP <somehost>:30569 202.14.234.65:25451 Fragment = 68
Deny TCP <somehost>:31008 202.14.234.65:29807 Fragment = 102
Deny TCP <somehost>:24940 202.14.234.65:26735 Fragment = 34
Deny TCP <somehost>:30569 202.14.234.65:25451 Fragment = 68
Deny TCP <somehost>:31008 202.14.234.65:29807 Fragment = 102
Deny TCP <somehost>:24940 202.14.234.65:26735 Fragment = 34
Deny TCP <somehost>:31008 202.14.234.65:29807 Fragment = 102
Deny TCP <somehost>:30569 202.14.234.65:25451 Fragment = 68
Deny TCP <somehost>:24940 202.14.234.65:26735 Fragment = 34
Deny TCP <somehost>:30569 202.14.234.65:25451 Fragment = 68
Deny TCP <somehost>:31008 202.14.234.65:29807 Fragment = 102

All things considered, I think the decision to configure all my kernels to
be "defensive" by default was not such a bad idea. Anyone who can't build
packets properly I don't want to talk to and I told them so in email ..

	michael
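
The offset==1 rule quoted above, written out as a stand-alone check (an added example, not part of this message and not code from ip_fw.c). The function names, verdict values and constructed headers are assumptions for illustration; it also assumes the "Fragment =" values in the log are the raw offset field in 8-octet units.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { PASS_UNFRAGMENTED, PASS_FIRST_FRAGMENT, PASS_LATER_FRAGMENT,
               DROP_TCP_OFFSET_1, DROP_MALFORMED };

/* Classify one IPv4 packet under the "discard only offset == 1" rule. */
enum verdict check_fragment(const uint8_t *ip, size_t len) {
    if (len < 20 || (ip[0] >> 4) != 4)
        return DROP_MALFORMED;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;      /* header length in octets */
    if (ihl < 20 || ihl > len)
        return DROP_MALFORMED;
    /* Fragment offset: low 13 bits of octets 6-7, counted in 8-octet units. */
    unsigned off = (((unsigned)ip[6] << 8) | ip[7]) & 0x1FFF;
    int more = (ip[6] & 0x20) != 0;               /* MF flag */
    if (off == 0)
        return more ? PASS_FIRST_FRAGMENT : PASS_UNFRAGMENTED;
    /* Offset 1 starts at octet 8 of the TCP header, before the flags at
       octet 13; offset 2 (octet 16) and beyond start after them. */
    if (ip[9] == 6 && off == 1)                   /* protocol 6 = TCP */
        return DROP_TCP_OFFSET_1;
    return PASS_LATER_FRAGMENT;
}

/* Fill a constructed 20-octet IPv4 header (checksum left at zero). */
void make_header(uint8_t h[20], uint8_t proto, unsigned off, int more) {
    for (int i = 0; i < 20; i++)
        h[i] = 0;
    h[0] = 0x45;                                  /* version 4, IHL 5 */
    h[3] = 20;                                    /* total length */
    h[6] = (uint8_t)((more ? 0x20 : 0) | ((off >> 8) & 0x1F));
    h[7] = (uint8_t)(off & 0xFF);
    h[8] = 64;                                    /* TTL */
    h[9] = proto;
}

int main(void) {
    /* 1 is the rule's target; 34, 68 and 102 are the offsets in the log. */
    unsigned offs[] = { 0, 1, 34, 68, 102 };
    uint8_t h[20];
    for (size_t i = 0; i < sizeof offs / sizeof offs[0]; i++) {
        make_header(h, 6, offs[i], 0);
        printf("offset %3u (octet %3u): verdict %d\n", offs[i], offs[i] * 8, (int)check_fragment(h, sizeof h));
    }
}
```

With the constructed headers, only the TCP fragment at offset 1 is dropped by this rule; offsets 34, 68 and 102 are classified as ordinary later fragments.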


