[unisog] UDP fragments anyone?
sdier at oitsec.umn.edu
Tue Feb 20 19:30:12 GMT 2007
Russell Fulton wrote:
> any tools worth their salt will reassemble packets *before* examining
> the contents and will flag overlapping fragments. I don't see this as a
> valid argument for dropping UDP fragments. Our fireall (OpenBSD's pf)
> actually does the reassembly at the border which is another way of
> dealing with the issue.
The reassembly does break some embedded platforms. I know that it does
break LWAPP with Cisco's controller based wireless products not running
in REAP mode, for instance.
Scott Dier <sdier at oitsec.umn.edu>
More information about the unisog