Security Incidents mailing list archives

Re: streams of fragments...


From: Dug Song <dugsong () monkey org>
Date: Wed, 18 Jul 2001 14:51:52 -0400

On Wed, Jul 18, 2001 at 01:10:14PM -0400, Jose Nazario wrote:

> a lot of sites block fragments to no great loss of theirs. in this
> day and age it's usually not needed.

this really depends on your site's normal traffic, and whether you've
actually measured enough of it to make a reasonable decision:

        http://www.caida.org/outreach/papers/pam2001/fragmentation.xml

there are better ways to handle fragments at a security gateway than
just to drop them - see the OpenBSD packet filter's IP normalization
code for details.

-d.

---
http://www.monkey.org/~dugsong/


----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com
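
The reassemble-rather-than-drop approach mentioned in the message above, as an added Python example that is not part of the original post and is not the OpenBSD packet filter's code: a gateway-side normalizer that holds fragments until a datagram is complete and unambiguous. The class name, the reject-on-overlap policy and the sample addresses are assumptions of this example, and expiry of stale queues is left to the caller.

```python
class FragmentNormalizer:
    """Hold IPv4 fragments per datagram; release only complete, unambiguous payloads."""
    MAX_PAYLOAD = 65535 - 20  # largest payload behind a minimal IPv4 header

    def __init__(self):
        self.queues = {}       # key -> {"parts": {byte_offset: bytes}, "total": int or None}
        self.poisoned = set()  # datagrams already rejected; later fragments are dropped too

    def feed(self, src, dst, proto, ip_id, frag_off, more_frags, payload):
        """frag_off is in 8-byte units, as in the IPv4 header.
        Returns ("hold", None), ("drop", None) or ("pass", reassembled_payload)."""
        key = (src, dst, proto, ip_id)
        if key in self.poisoned:
            return ("drop", None)
        q = self.queues.setdefault(key, {"parts": {}, "total": None})
        start, end = frag_off * 8, frag_off * 8 + len(payload)
        bad = (
            not payload
            or end > self.MAX_PAYLOAD
            or (more_frags and len(payload) % 8)            # only the last fragment may be unaligned
            or (not more_frags and q["total"] is not None)  # two "last" fragments
            # Assumed policy: overlapping data is ambiguous, so reject the whole datagram.
            or any(start < s + len(d) and s < end for s, d in q["parts"].items())
        )
        if bad:
            return self._drop(key)
        q["parts"][start] = payload
        if not more_frags:
            q["total"] = end
        if q["total"] is None:
            return ("hold", None)
        if any(s + len(d) > q["total"] for s, d in q["parts"].items()):
            return self._drop(key)                          # data past the declared end
        data = b"".join(q["parts"][s] for s in sorted(q["parts"]))
        if len(data) < q["total"]:
            return ("hold", None)                           # holes remain
        del self.queues[key]
        return ("pass", data)

    def _drop(self, key):
        self.queues.pop(key, None)
        self.poisoned.add(key)
        return ("drop", None)

if __name__ == "__main__":
    n = FragmentNormalizer()
    k = ("192.0.2.1", "198.51.100.7", 17, 0x1234)  # constructed sample datagram key
    print(n.feed(*k, 1, False, b"tail"))            # last fragment arrives first
    print(n.feed(*k, 0, True, b"ABCDEFGH"))         # completes the datagram
```

Filtering rules then see only the reassembled payload, so a decision is never made on a fragment whose meaning depends on what arrives later.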
