Hi, in the enhanced rules there are 2 rules concerning 'IP Fragmentation', with 'different 0' for frag offset and 'MF' for frag flags, respectively. Are IP packets with these 2 flags always illegal? What is the difference between 'equal 0' and 'different 0'?
Hi nuser

A fragmented IP packet is a packet with any fragment flag or different from any frag flag... Are these types of packets always illegal? I'm not sure. We have to confirm this with Frédéric since there are some internet connection providers who need some fragmented packets to work... Is it the same kind of fragmented packet? I'm not sure...

This is for the Fragment Offset:

For DF (Don't Fragment): 0 means fragmentation forbidden, 1 means fragmentation allowed
For MF (More Fragment): 0 = last fragment, 1 = more fragments

This must be understood in combination with the Fragments Flags. The possibilities are:

ALL
DF (fragmentation forbidden)
!DF (fragmentation allowed)
MF (more fragments authorised)
!MF (last fragment)
DF+MF (fragmentation forbidden AND more fragments authorised)
DF+!MF (fragmentation forbidden AND last fragment)
!DF+MF (fragmentation allowed AND more fragments authorised)
!DF+!MF (fragmentation allowed AND last fragment)

OK. That's my last answer for tonight: my brain is now fragmented! No MF!
Hi Climenole, I'm a user of L'n'S and I read many of your posts, and I want to say thanks for your help. However, I'm going to ask something about this topic. In fact I wish to make a rule more strict for DNS, for example, and looking in the log I see that the packets for DNS connections are set DF: 0 MF: 0 Frag Offset: 0. So I was wondering what are the correct settings in the fragmentation fields of the rules configuration. I tried to do it by myself, but it seems I don't understand how it works properly, so I hope you can help me! Sorry for my English and thanks anyway for all.
Hi WinCenzo

If you attempt to have a more restrictive DNS rule you'll have some problems... Most of the time the DNS requests are set to DF 0 MF 0 or DF 1 MF 0... A rule must increase the security (here the respect of TCP-IP / DNS standards), not restrict things until they are unusable... The DNS rule is secure and usable. Don't fix what ain't broken!
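To make the 'equal 0' / 'different 0' offset conditions and the DF / MF flag combinations from Climenole's explanation concrete, and to show why the DNS packets WinCenzo sees in the log (DF 0, MF 0, offset 0) match none of the fragment rules, here is an added worked example. It is not Look 'n' Stop's own code: it builds a few constructed IPv4 headers, decodes the fragment fields the way the header lays them out (RFC 791: DF is bit 1 of the flags, MF is bit 2, then a 13-bit offset in 8-byte units), and evaluates rule conditions named after the ones in the thread. The rule names and the `classify` labels are this example's own, not the firewall's.

```python
"""IPv4 fragmentation fields and firewall-style rule matching.

Added example, not part of the original thread or of Look 'n' Stop.
All packets below are constructed samples (checksum left at zero).
"""
import struct

SRC = bytes([192, 0, 2, 10])   # constructed documentation addresses
DST = bytes([192, 0, 2, 53])


def build_ipv4_header(df, mf, frag_offset_units, proto=17, total_length=48):
    """Return a minimal 20-byte IPv4 header with the given fragment fields.

    frag_offset_units is the 13-bit offset as stored in the header (8-byte units).
    """
    ver_ihl = (4 << 4) | 5                      # IPv4, 5 x 32-bit words
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (frag_offset_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s",
                       ver_ihl, 0, total_length, 0x1234, flags_frag,
                       64, proto, 0, SRC, DST)


def parse_frag_fields(header):
    """Return (DF, MF, fragment offset in bytes) from an IPv4 header."""
    flags_frag = struct.unpack("!H", header[6:8])[0]
    df = (flags_frag >> 14) & 1                 # 1 = Don't Fragment
    mf = (flags_frag >> 13) & 1                 # 1 = More Fragments follow
    offset_bytes = (flags_frag & 0x1FFF) * 8    # position within the original datagram
    return df, mf, offset_bytes


def classify(df, mf, offset_bytes):
    """Describe the fragment position (labels are this example's own)."""
    if mf == 0 and offset_bytes == 0:
        return "unfragmented"        # what a normal DNS query looks like: MF 0, offset 0
    if mf == 1 and offset_bytes == 0:
        return "first fragment"      # still carries the UDP/TCP header
    if mf == 1:
        return "middle fragment"     # no transport header: ports are not visible here
    return "last fragment"


# Rule conditions modelled on the thread's wording: offset 'equal 0' /
# 'different 0', plus the DF / MF flag combinations Climenole listed.
RULES = {
    "offset equal 0":           lambda df, mf, off: off == 0,
    "offset different from 0":  lambda df, mf, off: off != 0,
    "MF":      lambda df, mf, off: mf == 1,
    "!MF":     lambda df, mf, off: mf == 0,
    "DF":      lambda df, mf, off: df == 1,
    "!DF":     lambda df, mf, off: df == 0,
    "DF+MF":   lambda df, mf, off: df == 1 and mf == 1,   # contradictory on the wire
    "DF+!MF":  lambda df, mf, off: df == 1 and mf == 0,
    "!DF+MF":  lambda df, mf, off: df == 0 and mf == 1,
    "!DF+!MF": lambda df, mf, off: df == 0 and mf == 0,
}


def matching_rules(header):
    """Return the set of rule names whose condition the header satisfies."""
    df, mf, off = parse_frag_fields(header)
    return {name for name, test in RULES.items() if test(df, mf, off)}


def is_non_initial_fragment(header):
    """The case a port-based (e.g. UDP 53) rule cannot inspect: offset != 0."""
    return parse_frag_fields(header)[2] != 0


# Constructed samples: a plain DNS query, and a 3000-byte datagram split in two
# (second piece starts at byte 1480 = 185 eight-byte units).
DNS_QUERY = build_ipv4_header(df=0, mf=0, frag_offset_units=0)
FIRST_FRAG = build_ipv4_header(df=0, mf=1, frag_offset_units=0)
LAST_FRAG = build_ipv4_header(df=0, mf=0, frag_offset_units=185)

if __name__ == "__main__":
    for name, hdr in [("DNS query", DNS_QUERY), ("first fragment", FIRST_FRAG),
                      ("last fragment", LAST_FRAG)]:
        df, mf, off = parse_frag_fields(hdr)
        print(f"{name:15s} DF={df} MF={mf} offset={off:5d} -> {classify(df, mf, off)}; "
              f"matches {sorted(matching_rules(hdr))}")
```

Reading the output: the unfragmented DNS query matches only 'offset equal 0', '!MF' and '!DF', so the two fragment rules ('offset different from 0' and 'MF') never fire on it. 'MF' catches every fragment except the last; 'offset different from 0' catches every fragment except the first, and those are exactly the packets on which a rule keyed to UDP port 53 has nothing to look at, because only the first fragment carries the transport header.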
Ok, that's right, it was only a way to increase my knowledge about L'n'S, because this function about fragmentation wasn't very clear to me. But I'm not such an expert; as you say, don't fix what ain't broken. Thanks for all.