[unisog] UDP fragments anyone?

Stephen John Smoogen smooge at unm.edu
Tue Feb 20 16:02:51 GMT 2007


Vijay S Sarvepalli VSSARVEP wrote:
> 
> Anybody care to share their concerns on UDP fragments across their
> perimeter?  It seems like there is no
> valid traffic that needs it.  eMule?  I am not sure if only
> P2P uses it.
> 

My normal mode of activity is to drop UDP and ICMP fragments at any
border where I am going to use detection tools to examine traffic.
Fragmented UDP and ICMP are normally used to evade various tools and, in
legitimate traffic, are a sign of something broken.



> Your input welcome.
> 
> Vijay Sarvepalli


-- 
Stephen Smoogen -- ITS/Linux Administrator
  MSC02 1520 1 University of New Mexico Albuquerque, NM  87131-0001
  Phone: (505) 277-7343  Email: smooge at unm.edu
 How far that little candle throws his beams! So shines a good deed
 in a naughty world. = Shakespeare. "The Merchant of Venice"
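
An added example, not part of the original message: a minimal classifier for the border policy described in the reply (drop UDP and ICMP fragments, pass everything else), working on raw IPv4 headers. The function names, verdict strings and sample headers are constructed for illustration. The header checksum is left at zero and is not verified.

```python
import struct

PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17
DF_FLAG = 0x4000      # "don't fragment" bit
MF_FLAG = 0x2000      # "more fragments" bit
OFFSET_MASK = 0x1FFF  # fragment offset, in 8-byte units


def classify(packet: bytes) -> str:
    """Return 'drop' for a UDP/ICMP fragment, 'pass' otherwise, 'malformed' if unparsable."""
    if len(packet) < 20:
        return "malformed"
    ver_ihl, _tos, _len, _ident, flags_off, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) < 5:
        return "malformed"
    # A first fragment has offset 0 but MF set; a last fragment has MF clear
    # but a non-zero offset. Both fields must be checked to catch every piece.
    is_fragment = bool(flags_off & MF_FLAG) or (flags_off & OFFSET_MASK) != 0
    if is_fragment and proto in (PROTO_UDP, PROTO_ICMP):
        return "drop"
    return "pass"


def ipv4_header(proto: int, mf: bool = False, offset: int = 0, df: bool = False) -> bytes:
    """Build a constructed 20-byte IPv4 header (documentation addresses, checksum 0)."""
    flags_off = (DF_FLAG if df else 0) | (MF_FLAG if mf else 0) | (offset & OFFSET_MASK)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, flags_off, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))


# Constructed sample traffic: (description, header bytes)
SAMPLES = [
    ("UDP, unfragmented, DF set", ipv4_header(PROTO_UDP, df=True)),
    ("UDP, first fragment",       ipv4_header(PROTO_UDP, mf=True, offset=0)),
    ("UDP, last fragment",        ipv4_header(PROTO_UDP, mf=False, offset=185)),
    ("ICMP, middle fragment",     ipv4_header(PROTO_ICMP, mf=True, offset=185)),
    ("TCP, first fragment",       ipv4_header(PROTO_TCP, mf=True)),
    ("truncated header",          b"\x45\x00\x00"),
]

if __name__ == "__main__":
    for label, pkt in SAMPLES:
        print(f"{classify(pkt):9s} {label}")
```

The TCP fragment passes only because the policy in the message names UDP and ICMP; it makes no statement about other protocols.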

