From: Gupta, Gopal (NWCC) (gopal.gupta@hp.com)
Date: Thu Jan 10 2008 - 03:55:31 ARST
Hi NP,
Fragmented packets (non-initial packets) don't have L4 info in them, even
if the initial packet has L4 info.
They have just L-3 information in them for transmitting, so an L-4 ACL
doesn't work for them.
Moreover, it depends on your MTU size.
And if you want to see it, you can use a sniffer and look at the
identification number and fragment offset fields to see the fragments.
HTH
Gops
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
N P
Sent: Wednesday, January 09, 2008 23:07
To: ccielab@groupstudy.com
Subject: Fragmented/initially fragmented packets
Hi Group,
 
I know that DoS attacks involving fragmented packets can be stopped by
the following ACL.
 
ip access-list extended DENY_DOS
 deny ip any any fragments
 permit ip any any
 
I also understand this will only permit non fragmented packets and
initially fragmented packets. Now my question is, how do we
differentiate fragmented and initially fragmented packets? I am
confused.
 
 
Regards,
 
N P
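To make the distinction concrete, here is an added example (not code from either poster): it builds constructed IPv4 headers, decodes the Identification, flags and Fragment Offset fields mentioned in the reply, and evaluates the DENY_DOS ACL against them. It assumes the IOS semantics that an ACE with the `fragments` keyword matches only non-initial fragments (fragment offset greater than zero); the packet-building helper and the hypothetical 10.0.0.x addresses are constructed for the demo.

```python
import struct

# 20-byte IPv4 header without options: ver/IHL, TOS, total length, ID,
# flags+fragment offset, TTL, protocol, checksum, src, dst.
_IPV4_FMT = "!BBHHHBBH4s4s"
_MF_FLAG = 0x2000        # "More Fragments" bit inside the flags/offset field
_OFFSET_MASK = 0x1FFF    # 13-bit fragment offset, in 8-byte units


def build_ipv4_header(ident, more_fragments, offset_units, proto=6):
    """Constructed test helper: craft a header with the given fragment fields."""
    flags_offset = (int(more_fragments) << 13) | (offset_units & _OFFSET_MASK)
    return struct.pack(_IPV4_FMT, (4 << 4) | 5, 0, 1500, ident, flags_offset,
                       64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))


def parse_fragment_fields(packet):
    """Pull the fields a sniffer shows: ID, MF flag, fragment offset (bytes)."""
    fields = struct.unpack(_IPV4_FMT, packet[:20])
    ident, flags_offset, proto = fields[3], fields[4], fields[6]
    return {
        "id": ident,
        "protocol": proto,
        "more_fragments": bool(flags_offset & _MF_FLAG),
        "offset_bytes": (flags_offset & _OFFSET_MASK) * 8,
    }


def classify(packet):
    """'non-fragment', 'initial-fragment' or 'non-initial-fragment'."""
    f = parse_fragment_fields(packet)
    if f["offset_bytes"] > 0:
        return "non-initial-fragment"   # only L3 info: L4 header is not here
    if f["more_fragments"]:
        return "initial-fragment"       # offset 0 with MF set: carries L4 header
    return "non-fragment"


def acl_fragments_matches(packet):
    """True iff an ACE carrying the `fragments` keyword matches this packet."""
    return classify(packet) == "non-initial-fragment"


def deny_dos_action(packet):
    """Evaluate: deny ip any any fragments / permit ip any any."""
    return "deny" if acl_fragments_matches(packet) else "permit"


if __name__ == "__main__":
    for pkt in (build_ipv4_header(0x1234, False, 0),    # unfragmented
                build_ipv4_header(0x1234, True, 0),     # first fragment
                build_ipv4_header(0x1234, False, 185)):  # last fragment
        print(parse_fragment_fields(pkt), classify(pkt), deny_dos_action(pkt))
```

The first two packets are permitted because the `fragments` ACE never matches an offset-zero packet, which is why the ACL still passes initial fragments (and why L4 port checks can only ever be applied to those).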