 From:  Hilton Travis <Hilton at QuarkAV dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] fragmented packets
 Date:  Fri, 05 Mar 2004 08:31:00 +1000
Hi Bart,

On Tue, 2004-03-02 at 03:32, Bart Smit wrote:
> In the firewall rules, there is an option "Allow fragmented packets"
> with a description suggesting that it should be normally off. This is
> also the default.
> 
> I don't quite understand this. How is disallowing fragmentation a sane
> default? Shouldn't you only disallow fragmentation in cases where you
> are quite certain that fragmentation cannot happen?!
> 
> I would say that this is almost never the case, and certainly not if you
> have no a priori knowledge about the networks that incoming packets have
> travelled over.
> 
> So I always check the "Allow fragmented packets" box. Just how much
> extra load does this put on m0n0wall? And how exactly does this make me
> vulnerable to DoS attacks?

You should do some googling for attacks using fragmented packets. 
Unless you KNOW you need to enable this, it should always be disabled
for security reasons.

-- 

Regards,

Hilton Travis                   Phone: +61-(0)7-3343-3889
Manager, Quark AudioVisual      Phone: +61-(0)419-792-394
         Quark Computers         http://www.QuarkAV.com/
(Brisbane, Australia)            http://www.QuarkAV.net/

Open Source Projects:		http://www.ares-desktop.org/
				http://www.mamboband.org/

Non Linear Video Editing Solutions & Digital Audio Workstations
 Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
  Conference and Seminar AudioVisual Production and Recording

War doesn't determine who is right. War determines who is left.
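The question above is why a firewall treats fragments as a DoS risk. As an added example (not from this list thread and not m0n0wall code), the script below audits raw IPv4 fragments for the anomalies a reassembler has to cope with: pieces that overlap bytes already received, offsets that push the datagram past 65535 bytes, and groups that never complete and so tie up reassembly buffers. The addresses and packets are constructed inline for the sample.

```python
import socket
import struct
from collections import defaultdict

IP_MF = 0x2000  # "more fragments" flag; the low 13 bits hold the offset in 8-byte units

def audit_fragments(packets):
    """Group raw IPv4 fragments by (src, dst, id, proto) and report 'overlap' (a piece
    rewrites bytes already covered), 'oversize' (reassembled datagram would exceed
    65535 bytes) and 'incomplete' (a gap, or MF never cleared: buffers stay held)."""
    groups = defaultdict(list)
    for pkt in packets:
        total_len, ident, ff, proto = struct.unpack("!HHHxB", pkt[2:10])
        mf, offset = bool(ff & IP_MF), (ff & 0x1FFF) * 8
        if mf or offset:  # unfragmented packets are not interesting here
            key = (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), ident, proto)
            groups[key].append((offset, total_len - (pkt[0] & 0x0F) * 4, mf))
    findings = {}
    for key, frags in groups.items():
        frags.sort()
        issues, end = set(), 0  # end = payload bytes covered so far
        for offset, plen, mf in frags:
            if 20 + offset + plen > 65535:
                issues.add("oversize")
            if offset < end:
                issues.add("overlap")
            elif offset > end:
                issues.add("incomplete")  # gap before this piece
            end = max(end, offset + plen)
        if frags[-1][2]:  # highest piece still says more to come
            issues.add("incomplete")
        if issues:
            findings[key] = sorted(issues)
    return findings

def make_fragment(src, dst, ident, proto, mf, offset, payload_len):
    """Constructed IPv4 header (no options, checksum left zero): sample input only."""
    flags_frag = (IP_MF if mf else 0) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, flags_frag,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + b"\x00" * payload_len

def sample_findings():
    a = ("10.0.0.1", "10.0.0.2")  # constructed addresses
    pkts = [make_fragment(*a, 1, 17, True, 0, 1480), make_fragment(*a, 1, 17, False, 1480, 100),  # clean
            make_fragment(*a, 2, 17, True, 0, 64), make_fragment(*a, 2, 17, False, 32, 64),  # overlap
            make_fragment(*a, 3, 17, True, 0, 64), make_fragment(*a, 3, 17, True, 64, 64),  # MF never cleared
            make_fragment(*a, 4, 1, False, 65528, 32)]  # lands past 65535, first piece missing
    return audit_fragments(pkts)
```

A non-first fragment carries no TCP/UDP header, so port-based rules cannot be evaluated on it; that is why dropping fragments by default is the conservative choice and why the audit keys on IP-layer fields only.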