Firewall Wizards mailing list archives
Re: Important Comments re: INtrusion Detection
From: Darren Reed <darrenr () cyber com au>
Date: Sat, 21 Feb 1998 17:20:41 +1100 (EST)
In some mail I received from tqbf () secnet com, sie wrote
First off, a nit: overlapping fragments with inconsistent data are never going to be the valid output of a TCP/IP stack. I don't know that the same is true of all overlapping fragments. I used to be comfortable making claims like "this will never happen", but then I learned about Vern Paxson's work, and now I try to be more careful.
Wrong. If you have asymmetrical routing and different MTUs on each route then it is possible. Oh, it also requires path MTU discovery to be off.

Darren
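The distinction the two posters are arguing over, overlapping fragments versus overlapping fragments whose data disagree, can be checked mechanically at reassembly time. The following is an added example, not part of the original messages: the function names, the 2048-byte payload, the 1500/576 MTU pair, and the assumption that copies of one datagram arrive fragmented two ways are all constructed for illustration.

```python
# Added illustration; every name and sample value below is constructed.

def fragment(payload: bytes, mtu: int, ip_header_len: int = 20):
    """Split an IP payload into (offset, data, more_fragments) tuples.
    Non-final fragments carry a multiple of 8 bytes, as IPv4 requires."""
    step = (mtu - ip_header_len) // 8 * 8
    return [(off, payload[off:off + step], off + step < len(payload))
            for off in range(0, len(payload), step)]

def classify_overlaps(fragments):
    """Replay the fragments of one datagram in arrival order.
    Returns (overlapping_bytes, conflicting_bytes)."""
    seen = {}  # byte position -> value first received
    overlapping = conflicting = 0
    for off, data, _more in fragments:
        for i, value in enumerate(data):
            pos = off + i
            if pos in seen:
                overlapping += 1
                if seen[pos] != value:
                    conflicting += 1
            else:
                seen[pos] = value
    return overlapping, conflicting

def verdict(fragments):
    """Label a fragment set the way a sensor might before reassembly."""
    overlapping, conflicting = classify_overlaps(fragments)
    if conflicting:
        return "inconsistent-overlap"
    return "consistent-overlap" if overlapping else "no-overlap"

PAYLOAD = bytes(range(256)) * 8        # constructed 2048-byte payload
PATH_A = fragment(PAYLOAD, 1500)       # offsets 0, 1480
PATH_B = fragment(PAYLOAD, 576)        # offsets 0, 552, 1104, 1656

# Assumed arrival order mixing both fragmentations of the same datagram.
MIXED = [PATH_A[0], PATH_B[1], PATH_B[2], PATH_A[1]]

# Same offsets, but one fragment's bytes altered so the overlap disagrees.
FLIPPED = bytes(b ^ 0xFF for b in PATH_B[1][1])
TAMPERED = [PATH_A[0], (552, FLIPPED, True), PATH_B[2], PATH_A[1]]

if __name__ == "__main__":
    for name, frags in (("mixed", MIXED), ("tampered", TAMPERED)):
        print(name, classify_overlaps(frags), verdict(frags))
```

Fragmenting the same bytes at two MTUs yields overlaps that agree byte for byte; only the altered fragment produces conflicting bytes.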