Re: Should I block Fragmented IP Packets?
Date: 19 Nov 2005 15:34:02 GMT
Kyle Stedman <firstname.lastname@example.org> wrote:
> I'm using a Linksys Wireless-G Cable Gateway. One of the firewall settings
> is to block fragmented IP packets. Should I? Or will this cause connection
> Also, should I filter multicast?
> Thanks for any info...I'm new to this.
In both cases, 'it depends'. Disabling fragmented IP *usually* works,
because in most cases, the hosts will use PMTUD (Path Maximum Transfer
Unit Discovery) and adjust the size of the IP packets they are sending
*However*, many IPSec implementations do not, and IPSec is widely used
I'd venture a guess that if you are not establishing IPSec connections
from behind the firewall, or doing other fancy networking stuff that's
so complicated you *will* know if you do it, you can safely disable
Filtering multicast depends on if you use it. I don't see much benefit
in disabling it, except perhaps as a small measure to make DoS slightly
less easy, but it isn't used too much either. You could disable it and
see if anything, in particular mbone-based stuff and some p2p apps,
More important is to make sure to use proper security between all the
hosts and the firewall. WEP is pretty useless, and WPA makes it as good
as a regular ethernet switch with a dozen cables running out of your
house, under the front door. I've heard MAC poisoning and the like is
pretty dangerous; search the web, or the archives of a security list
like Full-Disclosure, for this.