|
With IPTables, if one uses the connection trackers then one
cannot see or block fragmented packets. Will this ever be changed? Essentially, if someone is using a connection tracker of any
kind and gets DDoS’d with fragmented packets, they will not be able to
see a thing (log wise) unless they use tcpdump? Is this correct? If so, will this ever be changed? I know ipfilter logs fragmented packets/attacks/blocks but
it does not use any connection trackers. |
