Subject: Re: fragmentation attack
To: David Laight <david@l8s.co.uk>
From: Darren Reed <darrenr@reed.wattle.id.au>
List: tech-net
Date: 04/26/2002 12:03:35
In some email I received from David Laight, sie wrote:
[...]
> Also since an interface is required to have an mtu of at least
> (about) 512, anything with stupid fragmentation can be safely
> dumped! - now detect stupid :-)
No, it's not. You're confusing this with the minimum size the IP
stack must be able to reassemble. Go check bugtraq archives for
discussions about fragmentation attacks - there's a lot of detail
there, including references to RFCs. More than one of them has
involved research & testing by yours truly.
Darren