LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 10-19-2006, 12:33 PM   #1
coolb
Member
 
Registered: Apr 2006
Location: Cape Town, South Africa
Distribution: Gentoo 2006.1(2.6.17-gentoo-r7)
Posts: 222

Rep: Reputation: 30
IPtables and fragmented IP packets


Would fragmenting IP packets crash an IPtables firewall?

I was told it will, is this true?

If it is, is there any way to prevent fragmented packets from crashing the IPtables firewall?
 
Old 10-19-2006, 01:22 PM   #2
b0uncer
LQ Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
I wonder where you heard that from. Before going crazy, refer to the documentation at iptables.org, and you'll get to know how it is -- most definitely it's not going to crash just like that.

If I remember correctly, you were able to do fun stuff with fragmented packets using iptables... can't remember everything, but it's told at iptables.org and possibly using Google you can get more information (but remember that not everything is true that's written on the net).

If iptables was made to crash when encountering a fragmented ip package, what was the idea behind it? Make people go nuts? Sounds like you've been fooled.

Not saying that you can't do ugly stuff with iptables using fragmented packages (or anything else), just that in an ordinary situation it's not happening. It has to be intended, and if somebody intends to do something, it's virtually not impossible no matter what it was.
 
Old 10-20-2006, 12:19 AM   #3
//////
Member
 
Registered: Nov 2005
Location: Land of Linux :: Finland
Distribution: Arch Linux && OpenBSD 7.4 && Pop!_OS && Kali && Qubes-Os
Posts: 824

Rep: Reputation: 350
Quote:
Originally Posted by coolb
Would fragmenting IP packets crash an IPtables firewall?
Here is an example of fragments crashing computers:
http://en.wikipedia.org/wiki/Teardrop

But I think it could have been blocked with this iptables rule. (not sure)
Code:
$IPTABLES -A INPUT -f -j LOG_DROP
-f = fragment


Cheers

////
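
Added example, not part of any post in this thread: per the iptables man page, the `-f` match in the rule above selects only second and further fragments, so the first fragment of a datagram is not matched by it. The Python below parses constructed IPv4 headers, reports which ones `-f` would select, and flags overlapping fragment offsets of the kind the Teardrop article describes; all function names and sample headers are hypothetical.

```python
import struct

SRC, DST = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])  # documentation addresses

def make_header(ident, offset, more, payload_len, proto=17):
    """Build a constructed 20-byte IPv4 header (checksum left as 0, never sent)."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       flags_off, 64, proto, 0, SRC, DST)

def parse_frag(header):
    """Return (datagram key, offset in bytes, MF flag, payload length)."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    total_len, ident, flags_off = struct.unpack("!HHH", header[2:8])
    if ihl < 20 or total_len < ihl:
        raise ValueError("inconsistent header length")
    # Fragments belong together when source, destination, protocol and ID agree.
    key = (header[12:16], header[16:20], header[9], ident)
    return key, (flags_off & 0x1FFF) * 8, bool(flags_off & 0x2000), total_len - ihl

def matches_dash_f(header):
    """True for what `-f` selects: second and further fragments (offset != 0)."""
    return parse_frag(header)[1] != 0

def overlapping_datagrams(headers):
    """Return keys of datagrams whose fragments overlap, as in Teardrop."""
    spans = {}
    for h in headers:
        key, off, _more, length = parse_frag(h)
        spans.setdefault(key, []).append((off, off + length))
    bad = set()
    for key, parts in spans.items():
        end = 0
        for off, stop in sorted(parts):
            if off < end:          # fragment starts inside data already covered
                bad.add(key)
            end = max(end, stop)
    return bad

# Constructed samples: a clean two-fragment datagram, an unfragmented packet,
# and a pair whose second fragment lies inside the first.
SAMPLES = [
    make_header(0x0001, 0, True, 1480), make_header(0x0001, 1480, False, 520),
    make_header(0x0002, 0, False, 100),
    make_header(0x1234, 0, True, 32), make_header(0x1234, 24, False, 8),
]
```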
 
  

