On Thu, 2003-10-09 at 20:11, Abraham van der Merwe wrote:
> Yes, I know, but as long as all the fragments have unique ids it shouldn't
> matter. Also, if the packet is fragmented along the way under normal
> circumstances (i.e. DF=0), then the IP-ID field would have to be incremented
> by the router fragmenting the packet.

True, but Linux 2.4 clears the IP-ID field when sending a packet with the DF-Bit set. You have to manually recreate a unique IP-ID field when clearing the DF-Bit on the firewall. Even when the router increments this field, all packets will have the ID of 1. When defragmenting, the receiver does not know which fragment belongs to which packet.

Linux 2.4 is the only operating system I know of that shows this behavior.

Cheers,

Ralf

--
Ralf Spenneberg
RHCE, RHCX

Book: Intrusion Detection für Linux Server http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
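
The reassembly ambiguity described in the message above, as an added example that is not part of the original post: a simplified receiver that groups fragments by (source, destination, protocol, IP-ID), as IP reassembly does. The addresses, payloads, byte-based offsets, the ID value 0 standing in for the cleared field, and the first-fragment-wins overlap policy are assumptions made for the illustration.

```python
from collections import defaultdict

def fragment(src, dst, proto, ip_id, payload, size=8):
    """Split a datagram into fragments: (reassembly key, offset, MF flag, data)."""
    key = (src, dst, proto, ip_id)
    return [(key, off, off + size < len(payload), payload[off:off + size])
            for off in range(0, len(payload), size)]

def _try_complete(queue):
    """Return the datagram if fragments cover offset 0 up to the last fragment."""
    out, end = b"", 0
    for off in sorted(queue):
        more, data = queue[off]
        if off != end:          # gap: still waiting for a fragment
            return None
        out += data
        end += len(data)
        if not more:            # MF=0 marks the final fragment
            return out
    return None

def reassemble(wire):
    """Reassemble fragments in arrival order, one queue per reassembly key."""
    queues, done = defaultdict(dict), []
    for key, off, more, data in wire:
        queues[key].setdefault(off, (more, data))  # assumed: first fragment wins
        datagram = _try_complete(queues[key])
        if datagram is not None:
            done.append(datagram)
            del queues[key]
    return done

def run(id_a, id_b):
    """Two constructed datagrams between the same hosts, fragments interleaved."""
    a = fragment("192.0.2.1", "192.0.2.2", 17, id_a, b"AAAAAAAAaaaaaaaa")
    b = fragment("192.0.2.1", "192.0.2.2", 17, id_b, b"BBBBBBBBbbbbbbbb")
    return reassemble([a[0], b[0], b[1], a[1]])

if __name__ == "__main__":
    # Same ID on both datagrams: halves of A and B are spliced, the rest is stranded.
    print("shared ID :", run(0, 0))
    # Unique IDs, as recreated on the firewall: both datagrams come back intact.
    print("unique IDs:", run(1, 2))
```

In practice a transport-layer checksum would usually reject the spliced datagram, so the visible symptom is packet loss rather than corrupted data.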