 From:  Hilton Travis <Hilton at QuarkAV dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] fragmented packets
 Date:  Fri, 05 Mar 2004 08:31:00 +1000
Hi Bart,

On Tue, 2004-03-02 at 03:32, Bart Smit wrote:
> In the firewall rules, there is an option "Allow fragmented packets"
> with a description suggesting that it should be normally off. This is
> also the default.
> I don't quite understand this. How is disallowing fragmentation a sane
> default? Shouldn't you only disallow fragmentation in cases where you
> are quite certain that fragmentation cannot happen?!
> I would say that this is almost never the case, and certainly not if you
> have no a priori knowledge about the networks that incoming packets have
> travelled over.
> So I always check the "Allow fragmented packets" box. Just how much
> extra load does this put on m0n0wall? And how exactly does this make me
> vulnerable to DoS attacks?

You should do some googling for attacks using fragmented packets.
Unless you KNOW you need to enable this, it should always be disabled
for security reasons.



Hilton Travis                   Phone: +61-(0)7-3343-3889
Manager, Quark AudioVisual      Phone: +61-(0)419-792-394
         Quark Computers         http://www.QuarkAV.com/
(Brisbane, Australia)            http://www.QuarkAV.net/

Open Source Projects:		http://www.ares-desktop.org/

Non Linear Video Editing Solutions & Digital Audio Workstations
 Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
  Conference and Seminar AudioVisual Production and Recording

War doesn't determine who is right. War determines who is left.
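To make the thread's point concrete, here is an added example (not from the m0n0wall project or from either poster) that models what a stateless rule set sees when "Allow fragmented packets" is off versus on: it parses the IPv4 header, classifies a packet as a fragment from the MF flag and fragment offset, and shows that a non-initial fragment carries no TCP/UDP ports, so a port rule has nothing to match. The packet builder and the `decide()` policy are constructed for this illustration and are a simplified model, not m0n0wall's actual ipfilter rules.

```python
import struct

IP_MF = 0x2000  # More Fragments bit in the IPv4 flags/fragment-offset field


def build_ipv4(payload: bytes, proto: int = 6, more_fragments: bool = False,
               offset: int = 0) -> bytes:
    """Constructed sample packet: 20-byte IPv4 header, no options, checksum left zero."""
    flags_off = (IP_MF if more_fragments else 0) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                      flags_off, 64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Return protocol, fragment state and payload of an IPv4 packet."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, flags_off, _, proto, _, _, _ = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    offset = (flags_off & 0x1FFF) * 8          # offset is stored in 8-byte units
    mf = bool(flags_off & IP_MF)
    return {"proto": proto, "offset": offset, "more_fragments": mf,
            "is_fragment": mf or offset != 0, "payload": pkt[ihl:]}


def decide(pkt: bytes, allow_fragments: bool, allowed_dst_ports=(80, 443)) -> str:
    """Simplified model of the rule option: drop fragments unless allowed, then match ports."""
    hdr = parse_ipv4(pkt)
    if hdr["is_fragment"] and not allow_fragments:
        return "drop: fragment (option disabled)"
    if hdr["offset"] != 0:
        # Non-initial fragments carry payload only; the TCP/UDP ports live in fragment 0,
        # so a port-based rule cannot be applied to this packet on its own.
        return "pass: non-initial fragment, no ports to match"
    if hdr["proto"] not in (6, 17) or len(hdr["payload"]) < 4:
        return "drop: no transport header"
    _, dst_port = struct.unpack("!HH", hdr["payload"][:4])
    return "pass" if dst_port in allowed_dst_ports else "drop: port not allowed"
```

Running `decide()` over a whole packet, a first fragment and a later fragment shows that with the option off every fragment is dropped before any port check, and with it on the later fragments pass with no port check at all.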