Re: IPv4 fragmentation --> The Rose Attack

[Valdis.Kletnieks () vt edu]

On Wed, 14 Apr 2004 23:54:19 +0200, hs () holgerscherer de  said:

> my firewall (Netscreen 5GT) recognizes several IP fragment alerts a day,

> etc... as the destination Ports dont seem to be interesting for any
> service i use, might there be a possibility for any worm or exploit in
> the wild?

First thing to do is figure out if this is just *normal* traffic (probing or
otherwise) that happened to go through a VPN tunnel or other low-MTU
link and got fragmented.

Not all the net is MTU 1500....

Attachment: _bin
Description: