Subject: Re: fragmentation attack
To: David Laight <>
From: Darren Reed <>
List: tech-net
Date: 04/26/2002 12:03:35
In some email I received from David Laight, sie wrote:
> Also since an interface is required to have an mtu of at least
> (about) 512, anything with stupid fragmentation can be safely
> dumped!  - now detect stupid :-)

No, it's not.  You're confusing this with the minimum size the IP
stack must be able to reassemble.  Go check bugtraq archives for
discussions about fragmentation attacks - there's a lot of detail
there, including references to RFCs.  More than one of them has
involved research & testing by yours truely.