[c-nsp] Stop IP Fragmentation attack

Satish Patel satish.txt at gmail.com
Tue Apr 26 13:10:22 EDT 2016


Sorry if you feel that way, I am just explaining my problem. I get it, BGP
Trigger is best, but it won't fit in my business model (I already explored
that idea before; my ISP is not allowing S/RTBH).

I am just looking for some kind of 3rd option which can give us relief. I
just wanted to know what exactly the ACL fragments option does.



On Tue, Apr 26, 2016 at 8:58 AM, Roland Dobbins <rdobbins at arbor.net> wrote:
> On 26 Apr 2016, at 19:49, Satish Patel wrote:
>
>> I told you, believe me, we have a very isolated network for each service.
>
>
> You're very argumentative for someone asking strangers on the Internet for
> assistance, heh.  Especially when your initial query was easily answered
> with a 4-second search-engine query.
>
> If you're satisfied with your network setup and confident blocking all UDP
> non-initial fragments, great.  This is generally a Very Bad Idea, and the
> commentary in this vein was meant to ensure that you had all the relevant
> information when making such a decision.
>
>
> -----------------------------------
> Roland Dobbins <rdobbins at arbor.net>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

