From: Archie Cobbs
Message-Id: <199802090600.WAA12310@bubba.whistle.com>
Subject: Re: ipfw logs ports for fragments
In-Reply-To: from Marc Slemko at "Feb 8, 98 05:38:42 pm"
To: marcs@znep.com (Marc Slemko)
Date: Sun, 8 Feb 1998 22:00:53 -0800 (PST)
Cc: jonny@coppe.ufrj.br, hackers@FreeBSD.ORG

Marc Slemko writes:
> If you don't explicitly tell ipfw to pass frags, it will not. That will
> break some things, but is the safest way.

This is not correct.. ipfw will always block fragments whose offset
is one (only seen in attempts to subvert firewalls) but not ordinary
fragments... that would be a serious problem.

> There is no real problem
> (except for possible memory use, etc.) if a host gets fragments for a
> packet; if it doesn't get the first part, it will not do anything with
> them.

This is true.

> See RFC-1858 for a discussion of some of the potential catches to
> fragmentation and firewalls.

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
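
The fragment checks discussed in this message, written out as an added example that is not part of the original message and is not ipfw's code: it applies the two RFC 1858 filter rules (drop a TCP fragment with offset one; drop a zero-offset TCP fragment too short to hold the flags) and passes ordinary fragments. The names `frag_verdict`, `mk_hdr` and `TCP_TMIN`, the TCP-only scope and the 14-byte minimum are assumptions made for this sketch, and the packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { V_PASS, V_DROP_OFFSET_ONE, V_DROP_TINY_FIRST, V_DROP_MALFORMED };

#define PROTO_TCP 6
#define TCP_TMIN  14u  /* assumption: bytes needed to cover the TCP flags byte (offset 13) */

/* Classify one IPv4 packet or fragment with the two RFC 1858 checks. */
enum verdict frag_verdict(const uint8_t *p, size_t len)
{
    if (len < 20 || (p[0] >> 4) != 4)
        return V_DROP_MALFORMED;
    size_t hlen = (size_t)(p[0] & 0x0f) * 4;      /* IHL is in 32-bit words */
    size_t tot  = ((size_t)p[2] << 8) | p[3];     /* IP total length field */
    if (hlen < 20 || tot < hlen || tot > len)
        return V_DROP_MALFORMED;
    unsigned off = ((p[6] & 0x1fu) << 8) | p[7];  /* fragment offset, 8-byte units */

    if (p[9] != PROTO_TCP)
        return V_PASS;
    if (off == 1)                                 /* would overlap TCP header bytes 8..15 */
        return V_DROP_OFFSET_ONE;
    if (off == 0 && tot - hlen < TCP_TMIN)        /* first fragment lacks the flags */
        return V_DROP_TINY_FIRST;
    return V_PASS;                                /* ordinary fragments are not blocked */
}

/* Write a constructed option-less IPv4 header plus zeroed payload into buf. */
size_t mk_hdr(uint8_t *buf, uint8_t proto, unsigned off, int mf, size_t payload)
{
    size_t tot = 20 + payload;
    for (size_t i = 0; i < tot; i++) buf[i] = 0;
    buf[0] = 0x45; buf[2] = (uint8_t)(tot >> 8); buf[3] = (uint8_t)tot;
    buf[6] = (uint8_t)((mf ? 0x20 : 0) | ((off >> 8) & 0x1f)); buf[7] = (uint8_t)off;
    buf[8] = 64; buf[9] = proto;                  /* TTL, protocol */
    return tot;
}

int main(void)
{
    uint8_t b[256];
    printf("%d\n", frag_verdict(b, mk_hdr(b, PROTO_TCP, 1, 0, 8)));   /* V_DROP_OFFSET_ONE */
    printf("%d\n", frag_verdict(b, mk_hdr(b, PROTO_TCP, 0, 1, 8)));   /* V_DROP_TINY_FIRST */
    printf("%d\n", frag_verdict(b, mk_hdr(b, PROTO_TCP, 0, 1, 64)));  /* V_PASS */
    printf("%d\n", frag_verdict(b, mk_hdr(b, PROTO_TCP, 8, 0, 64)));  /* V_PASS */
    return 0;
}
```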