December 9th, 2002 08:10 PM
router settings in zone alarm pro
I have the latest version of Zone Alarm Pro plus a Netgear router. In the security panel of Zone alarm for the router settings there is an option to "block fragments" which you can either check or leave blank. I have configured everything else but do not understand this option. What does this refer to? I am not sure whether to ckeck it or leave it blank since it confuses me. Auntie
For hundreds of years the brain was physically capable of the thoughts of a Galelio or an Aristotle among people who had not yet learned to count to ten. Much of that equipment is still unused and waiting.
December 9th, 2002 08:31 PM
Packet Filtering Fragments
TCP is a protocol that adds features to IP, including retransmission of lost packets, dealing with non-consecutive packets, and congestion control. If the "protocol" field in the IP header is set to TCP (whose assigned number is 6), then a TCP header immediately follows the IP header. TCP packets are often filtered based on rules that are compared to fields in the TCP header.
The TCP header contains source and destination port fields. These identify different data streams coming from the same host. For example, a Web server listens on port 80, and a mail server listens on port 25, so if your packet filter doesn't allow TCP packets to port 25, no one can talk to your mail server.
The other important TCP header field is the "SYN" (synchronize) flag; this flag is set for the very first packet in a TCP session. So if you block any TCP packets coming in to your network with this flag set, you essentially create a "one-way" firewall that only allows outgoing TCP connections.
What makes filtering TCP fragments so difficult is that once a packet becomes fragmented, the TCP header is only included in the head fragment. Since packet filters make decisions based on the header, this is a problem. However, if we wish to filter all TCP packets, we can do so by only allowing non-head fragments through. Since without the header the host does not have the information it requires to reassemble the fragments, it should just drop them. This makes it appear as though the whole packet was blocked.
Fragment Bombs: Normally a machine collects fragments until it has an entire packet. Of course, in case one of the fragments gets lost, you should eventually give up and drop the non- reassembled fragments. If you don't, you will eventually run out of memory. Some MS-DOS based implementations were vulnerable to this, but it's not a problem any more.
Hope this helps...
yeah, I\'m gonna need that by friday...