[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Traffic selectors, fragments, ICMP messages and security policy problems

To: ipsec@lists.tislabs.com
Subject: Re: Traffic selectors, fragments, ICMP messages and security policy problems
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Thu, 26 Feb 2004 12:58:04 -0500
In-reply-to: Your message of "Wed, 25 Feb 2004 20:33:59 EST." <20040226013359.GA683@panix.com>
Sender: owner-ipsec@lists.tislabs.com


Steve and Thor post about situations where there are per-port selectors
between two hosts. That does not present a fragmentation problem - you
do not need to accumulate fragments to make the decision.

The situation where this is necessary is BITS, BITW.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

Follow-Ups:
- Re: Traffic selectors, fragments, ICMP messages and security policy problems
  - From: Thor Lancelot Simon <tls@rek.tjls.com>

References:
- Re: Traffic selectors, fragments, ICMP messages and security policy problems
  - From: Thor Lancelot Simon <tls@rek.tjls.com>

Prev by Date: Re: Traffic selectors, fragments, ICMP messages and security policy problems
Next by Date: Re: Traffic selectors, fragments, ICMP messages and security policy problems
Previous by thread: Re: Traffic selectors, fragments, ICMP messages and security policy problems
Next by thread: Re: Traffic selectors, fragments, ICMP messages and security policy problems
Index(es):
- Date
- Thread