[unisog] UDP fragments anyone?

Stephen John Smoogen smooge at unm.edu
Tue Feb 20 16:02:51 GMT 2007

Vijay S Sarvepalli VSSARVEP wrote:
> Anybody care to share their concerns on UDP fragments across their
> perimeter?  It seems like there is no
> valid traffic that needs it.  eMule?  I am not sure if only
> P2P uses it.

My normal mode of activity is to drop UDP and ICMP fragments at any
border where I am going to use detection tools to examine traffic.
Fragmented UDP and ICMP are normally used to evade various tools and in
legitimate traffic are a sign of something broken.

> Your input welcome.
> Vijay Sarvepalli

Stephen Smoogen -- ITS/Linux Administrator
  MSC02 1520 1 University of New Mexico Albuquerque, NM  87131-0001
  Phone: (505) 277-7343  Email: smooge at unm.edu
 How far that little candle throws his beams! So shines a good deed
 in a naughty world. = Shakespeare. "The Merchant of Venice"
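
Added example, not part of the original post: a sketch of the border check described above, classifying raw IPv4 packets so that fragmented UDP and ICMP are dropped before detection tools see them. The function and helper names, the verdict strings and the sample packets are assumptions constructed for illustration.

```python
import struct

# IPv4 protocol numbers for the two protocols named in the post.
WATCHED = {1: "ICMP", 17: "UDP"}

def fragment_verdict(packet: bytes) -> str:
    """Return 'drop' for a fragmented UDP/ICMP IPv4 packet, 'pass' otherwise.

    'malformed' and 'not-ipv4' are returned for input this sketch does not
    classify; how to treat those is a local policy choice (assumption).
    """
    if len(packet) < 20:
        return "malformed"
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4:
        return "not-ipv4"
    if ihl < 5:
        return "malformed"
    (flags_frag,) = struct.unpack("!H", packet[6:8])
    more_fragments = bool(flags_frag & 0x2000)   # MF bit
    offset = flags_frag & 0x1FFF                 # fragment offset, 8-byte units
    # Both tests are needed: the first fragment has offset 0 with MF set,
    # the last fragment has MF clear with a non-zero offset.
    if packet[9] in WATCHED and (more_fragments or offset):
        return "drop"
    return "pass"

def build_packet(proto: int, mf: bool = False, offset: int = 0,
                 df: bool = False) -> bytes:
    """Construct a sample IPv4 header plus 8 payload bytes (checksum left 0)."""
    flags_frag = (0x4000 if df else 0) | (0x2000 if mf else 0) | (offset & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, flags_frag,
                         64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + b"\x00" * 8

if __name__ == "__main__":
    samples = {
        "UDP first fragment": build_packet(17, mf=True),
        "UDP last fragment": build_packet(17, offset=185),
        "UDP unfragmented": build_packet(17, df=True),
        "ICMP fragment": build_packet(1, mf=True, offset=3),
        "TCP fragment": build_packet(6, mf=True),
    }
    for name, pkt in samples.items():
        print(f"{name}: {fragment_verdict(pkt)}")
```

Fragmented TCP passes here only because the post names UDP and ICMP; extending WATCHED changes that.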
