[c-nsp] Stop IP Fragmentation attck

Satish Patel satish.txt at gmail.com
Mon Apr 25 21:22:49 EDT 2016

We are having many NTP, DNS and Chargen style UDP base IP
Fragmentation attack, In short they send packet with MF  (More
Fragment) bit set.

I want to drop all packet entering in my router. How do i stop this
kind of attack with ACL?  I heard somewhere ACL has fragments option
but not sure what it will do and how i can build my with this option?

More information about the cisco-nsp mailing list