Networking Forums

Tiny Fragment Attack

 
 
Kunael
Guest
Posts: n/a

 
      12-26-2004, 07:55 PM
Hi all,

* I've seen this iptables rule on several sites:

iptables -A INPUT -i eth0 -f -m length --length 0:40 -j DROP
iptables -A FORWARD -i eth0 -f -m length --length 0:40 -j DROP

* But there is one thing that doesn't fit with that, 'cause RFC 1858
(http://www.scit.wlv.ac.uk/rfc/rfc18xx/RFC1858.html) says that the minimum
length of a fragment is 68 octets (60 for the header and 8 for the datagram).

So, is the rule bad?

TIA.
--
¡Share your knowledge!

Linux user id 332494 # http://counter.li.org/
PGP id 0xC5ABA76A # http://pgp.mit.edu/
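
An added example, not part of the original post: Python code that applies RFC 1858's two TCP fragment checks (FO=0 with too little transport data, and FO=1) and a model of the `-f ... --length 0:40` rule quoted above to constructed IPv4 headers, so the packets each one catches can be compared. The function names, the sample headers and the 192.0.2.x addresses are assumptions made for the illustration.

```python
import struct

TCP, TMIN = 6, 16  # TMIN: RFC 1858 minimum transport octets in fragment 0

def parse_ipv4(pkt):
    """Return the IPv4 header fields the fragment checks need."""
    if len(pkt) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, _, total_len, _, flags_fo, _, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    # Fragment offset is the low 13 bits, counted in 8-octet units.
    return {"ihl": ihl, "total_len": total_len, "proto": proto, "fo": flags_fo & 0x1FFF}

def rfc1858_verdict(pkt):
    """Apply RFC 1858's direct (FO=0) and indirect (FO=1) TCP checks."""
    h = parse_ipv4(pkt)
    if h["proto"] != TCP:
        return None
    if h["fo"] == 0 and h["total_len"] - h["ihl"] < TMIN:
        return "direct"      # TCP flags would not fit in this first fragment
    if h["fo"] == 1:
        return "indirect"    # fragment starts at octet 8, inside the TCP header
    return None

def posted_rule_matches(pkt):
    """Model of `-f -m length --length 0:40`: non-first fragment, total length <= 40."""
    h = parse_ipv4(pkt)
    return h["fo"] != 0 and h["total_len"] <= 40

def header(total_len, fo, mf, proto=TCP):
    """Constructed 20-octet IPv4 header (payload omitted, checksum left at 0)."""
    flags_fo = (0x2000 if mf else 0) | fo
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, flags_fo, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

SAMPLES = {  # constructed test headers
    "first fragment, 8 TCP octets": header(28, 0, True),
    "fragment at offset 1": header(60, 1, False),
    "short final fragment": header(30, 185, False),
    "full-size first fragment": header(1500, 0, True),
}

def evaluate():
    """Map each sample name to (RFC 1858 verdict, posted-rule match)."""
    return {name: (rfc1858_verdict(p), posted_rule_matches(p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{name:30} rfc1858={result[0]} posted_rule={result[1]}")
```

On these samples the two approaches select different packets: the RFC 1858 checks flag the first two headers, while the length-based model matches only the short final fragment.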