[unisog] UDP fragments anyone?

Scott Dier sdier at oitsec.umn.edu
Tue Feb 20 19:30:12 GMT 2007


Russell Fulton wrote:
> any tools worth their salt will reassemble packets *before* examining
> the contents and will flag overlapping fragments.  I don't see this as a
> valid argument for dropping UDP fragments.  Our fireall (OpenBSD's pf)
> actually does the reassembly at the border which is another way of
> dealing with the issue.

The reassembly does break some embedded platforms.  I know that it does 
break LWAPP with Cisco's controller based wireless products not running 
in REAP mode, for instance.

-- 
Scott Dier <sdier at oitsec.umn.edu>


More information about the unisog mailing list