On Fri, 20 Aug 2004, Quark IT - Hilton Travis wrote:
> > From: Fred Wright [mailto:fw at well dot com]
> > Sent: Friday, 20 August 2004 12:01
> > On Fri, 20 Aug 2004, Quark IT - Hilton Travis wrote:
> > > I have noticed in our W2k3 SBS Error Logs the following types of
> > > errors, starting at 2024 (local) last night. Just thought I'd post
> > > this here in case it is a m0n0wall bug - never seen these errors
> > > before. I am running 1.1b17 on a net4501 if that helps, and 1.1b17
> > > has been running since within about 24h of it being released.
> > [...]
> > > The DNS server encountered a bad packet from 192.168.69.254.
> > > Packet processing leads beyond packet length. The event
> > data contains
> > > the DNS packet.
> > Do you have "allow fragments" checked on the rule that
> > applies to this traffic?
> Unless the default rules have this selected, there are no additional
> rules at all relating to DNS traffic. This is a pretty standard
> m0n0wall installation right now.
No, there's no option to have this on the default rule (there probably
should be), so if you need it you'll need to create a specfic rule for it.
I'm actually surprised that the client was able to get the incomplete
packet at all. Normally a packet is discarded unless all fragments are
present. A Windows "feature" perhaps. :-)