 From:  GooDieZ <comanche at volja dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] fragmented packets
 Date:  Mon, 1 Mar 2004 19:04:32 +0100
dunno about other apps and DoS attacks, but I personally only needed this
fragmentation to be enabled for some game servers.


On Monday 01 of March 2004 18:32, Bart Smit wrote:
> In the firewall rules, there is an option "Allow fragmented packets"
> with a description suggesting that it should be normally off. This is
> also the default.
>
> I don't quite understand this. How is disallowing fragmentation a sane
> default? Shouldn't you only disallow fragmentation in cases where you
> are quite certain that fragmentation cannot happen?!
>
> I would say that this is almost never the case, and certainly not if you
> have no a priori knowledge about the networks that incoming packets have
> travelled over.
>
> So I always check the "Allow fragmented packets" box. Just how much
> extra load does this put on m0n0wall? And how exactly does this make me
> vulnerable to DoS attacks?
>
> --Bart