All fragmented packet is harmful?

Hello, all.

I read some documents that there are some cases that filter any fragmented packet at the border router using access-list like below.

ip access-list extended ACL-INFRASTRUCTURE-IN
!--- Deny IP fragments using protocol-specific ACEs to aid in
!--- classification of attack traffic
deny tcp any any fragments
deny udp any any fragments
deny icmp any any fragments
deny ip any any fragments
!--- Deny all other IP traffic to any network device
deny ip any <infrastructure-address-space> <mask>
!--- Permit transit traffic
permit ip any any

So I'm not sure that it will be no problem to filter all fragmented packet or not
when my systems are web service.

Thanks in advance.

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.;4175;25;1371;0;5;946;e13b6be442f727d1

Relevant Pages

  • Re: 3Com SuperStack 3 Firewall Content Filter Exploitable Via Telnet
    ... > The weakness exploited by this vulnerability is that the 3COM filter ... > of the HTTP request packet in order to fool the filter, ... are TCP fragments, but it's likely the box doesn't reassemble IP ...
  • Re: Unusual tcpdump output?
    ... > prg wrote: ... Had been using another tool past ... > I took this to mean a fragmented packet of 1432, ... You are getting the fragments as revealed by: ...
  • Re: VB Winsock OCX Error during Bind
    ... And it requires an additional filter to filter ... : packet fragments. ... The website owner's email address is not functional either. ...