On Tue, 2004-03-02 at 03:32, Bart Smit wrote:
> In the firewall rules, there is an option "Allow fragmented packets"
> with a description suggesting that it should be normally off. This is
> also the default.
> I don't quite understand this. How is disallowing fragmentation a sane
> default? Shouldn't you only disallow fragmentation in cases where you
> are quite certain that fragmentation cannot happen?!
> I would say that this is almost never the case, and certainly not if you
> have no a priori knowledge about the networks that incoming packets have
> travelled over.
> So I always check the "Allow fragmented packets" box. Just how much
> extra load does this put on m0n0wall? And how exactly does this make me
> vulnerable to DoS attacks?
You should do some googling for attacks using fragmented packets.
Unless you KNOW you need to enable this, it should always be disabled
for security reasons.
Hilton Travis
Manager, Quark AudioVisual
Quark Computers (Brisbane, Australia)
Phone: +61-(0)7-3343-3889
Phone: +61-(0)419-792-394
http://www.QuarkAV.com/
http://www.QuarkAV.net/
Open Source Projects: http://www.ares-desktop.org/
Non Linear Video Editing Solutions & Digital Audio Workstations
Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
Conference and Seminar AudioVisual Production and Recording
War doesn't determine who is right. War determines who is left.
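The fragment handling the reply warns about, as an added example that is not part of this thread and not m0n0wall's own code: a small Python IPv4 fragment tracker that applies the checks a firewall's "allow fragmented packets" path has to make before passing or reassembling. It shows the extra state that path costs (a reassembly slot per in-flight datagram, which is the DoS angle) and the classic abuse patterns it has to reject: overlapping fragments, a first fragment too short to carry the transport header, and an oversize reassembled datagram. All packets are constructed inline; MIN_FIRST_PAYLOAD and MAX_PENDING are assumed illustrative values, not m0n0wall settings.

```python
"""Fragment checks a firewall performs when 'Allow fragmented packets' is on.
Added example with constructed packets; thresholds are illustrative."""
import struct
from dataclasses import dataclass

IP_MF = 0x2000           # "more fragments" flag in the flags/offset field
IP_OFFMASK = 0x1FFF      # 13-bit fragment offset, in 8-byte units
MAX_DATAGRAM = 65535     # largest legal IPv4 datagram; beyond this is malformed
MIN_FIRST_PAYLOAD = 20   # assumed policy: first fragment must hold a full TCP header
MAX_PENDING = 4          # assumed tiny slot limit so exhaustion is easy to show


@dataclass(frozen=True)
class Frag:
    key: tuple      # (src, dst, ident, proto) identifies one datagram
    offset: int     # byte offset of this piece within the datagram
    more: bool      # True unless this is the final fragment
    length: int     # payload bytes carried


def inet(addr):
    return bytes(int(x) for x in addr.split("."))


def build_frag(ident, offset, more, payload, proto=6, src="10.0.0.1", dst="10.0.0.2"):
    """Constructed IPv4 fragment: 20-byte header, checksum left zero."""
    assert offset % 8 == 0, "fragment offsets are in 8-byte units"
    flags_off = (IP_MF if more else 0) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_off, 64, proto, 0, inet(src), inet(dst))
    return hdr + payload


def parse_frag(raw):
    """Pull the fragmentation-relevant fields out of an IPv4 header."""
    ver_ihl, _, total_len, ident, flags_off, _, proto, _, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return Frag((src, dst, ident, proto), (flags_off & IP_OFFMASK) * 8,
                bool(flags_off & IP_MF), total_len - ihl)


class Reassembler:
    def __init__(self):
        self.pending = {}   # key -> list of (start, end, more) pieces seen so far

    def accept(self, frag):
        """'pass' when the datagram completes cleanly, 'hold' while waiting,
        or 'drop:<reason>' for one of the abuse patterns."""
        start, end = frag.offset, frag.offset + frag.length
        if end > MAX_DATAGRAM:                      # ping-of-death style oversize
            return "drop:oversize"
        if start == 0 and frag.more and frag.length < MIN_FIRST_PAYLOAD:
            return "drop:tiny-first-fragment"       # transport header split across fragments
        pieces = self.pending.get(frag.key)
        if pieces is None:
            if len(self.pending) >= MAX_PENDING:    # attacker never sends the last piece
                return "drop:reassembly-exhausted"
            pieces = self.pending[frag.key] = []
        for s, e, _ in pieces:
            if start < e and s < end:               # overlapping ranges (teardrop style)
                del self.pending[frag.key]          # discard the whole datagram
                return "drop:overlap"
        pieces.append((start, end, frag.more))
        if self._complete(pieces):
            del self.pending[frag.key]
            return "pass"
        return "hold"

    @staticmethod
    def _complete(pieces):
        pieces = sorted(pieces)
        if pieces[0][0] != 0 or pieces[-1][2]:      # must start at 0, last piece has MF=0
            return False
        return all(pieces[i][1] == pieces[i + 1][0] for i in range(len(pieces) - 1))


def demo():
    """Run the constructed cases through one reassembler; returns verdicts."""
    r = Reassembler()
    out = {}
    out["clean"] = [r.accept(parse_frag(build_frag(1, 0, True, b"A" * 24))),
                    r.accept(parse_frag(build_frag(1, 24, False, b"B" * 8)))]
    out["tiny"] = r.accept(parse_frag(build_frag(2, 0, True, b"C" * 8)))
    r.accept(parse_frag(build_frag(3, 0, True, b"D" * 24)))
    out["overlap"] = r.accept(parse_frag(build_frag(3, 16, False, b"E" * 16)))
    out["oversize"] = r.accept(parse_frag(build_frag(4, 65528, False, b"F" * 16)))
    for ident in range(10, 10 + MAX_PENDING):      # fill every slot, never finish
        r.accept(parse_frag(build_frag(ident, 0, True, b"G" * 24)))
    out["exhausted"] = r.accept(parse_frag(build_frag(99, 0, True, b"H" * 24)))
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:10} {verdict}")
```

The exhaustion case is the load question from the thread in miniature: every first fragment whose datagram never completes pins a slot until a timer expires, so the firewall either caps the slots (and drops legitimate fragments under attack) or lets memory grow. Dropping fragments outright avoids holding that state at all, which is why the option defaults off.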