
Chapter 11

p. 148
The author says ``When an IP datagram is fragmented, it is not reassembled until it reaches its final destination.'' These days, some firewalls will insist on reassembling the packet before deciding whether or not to forward it. See also the Appendix on NAT, which explains why.
pp. 148-151
Fragmentation can pose a security problem. There was a bug in Windows NT which would crash it if incompatible (i.e. overlapping) fragments were received. This was used to attack NT machines in the Pentagon when Gates was addressing Congress. Generally, a firewall has little option but to pass a fragment (other than the first, i.e. the one with fragmentation offset zero), since there is no protocol-related information in later fragments. If the first fragment has been dropped, then the subsequent fragments should time out, but the firewall may wish to block the resulting ICMP error, on the grounds that it conveys information that should not be revealed.

RFC 815 describes IP fragment re-assembly algorithms. Since the fragments have to be stored in the memory of the IP layer until the packet is complete, there are denial-of-service attacks that flood the target with fragments until the memory is exhausted.
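The hole-descriptor algorithm of RFC 815, sketched with the two defences the notes above call for: overlapping fragments are rejected and the reassembly buffer is bounded. This is an added example, not code from the book or from these notes. The class name, the drop-on-overlap policy, the byte offsets and the cap value are assumptions.

```python
# Added example: RFC 815 hole-descriptor reassembly with two defensive policies.
# Assumptions (not from the book or the notes): offsets are given in bytes
# (the IPv4 header field counts 8-byte units), any overlap discards the whole
# datagram, and `cap` bounds the bytes buffered across all datagrams.
INF = float("inf")

class Reassembler:
    def __init__(self, cap=64 * 1024):
        self.cap, self.used, self.flows = cap, 0, {}

    def _discard(self, key):
        flow = self.flows.pop(key, None)
        if flow:
            self.used -= sum(len(p) for p in flow["data"].values())

    def _drop(self, key, reason):
        self._discard(key)
        return ("drop", reason)

    def add(self, key, offset, payload, more_fragments):
        """key = (src, dst, protocol, identification)."""
        if not payload:
            return ("drop", "empty fragment")
        first, last = offset, offset + len(payload) - 1
        flow = self.flows.setdefault(key, {"holes": [(0, INF)], "data": {}})
        # A well-formed fragment fits entirely inside one remaining hole.
        hole = next((h for h in flow["holes"] if h[0] <= first and last <= h[1]), None)
        if hole is None:
            return self._drop(key, "overlap or out of range")
        if not more_fragments and hole[1] != INF:
            return self._drop(key, "inconsistent last fragment")
        if self.used + len(payload) > self.cap:
            return self._drop(key, "memory cap")
        # RFC 815 step: replace the hole by whatever is left on either side.
        flow["holes"].remove(hole)
        if first > hole[0]:
            flow["holes"].append((hole[0], first - 1))
        if more_fragments and last < hole[1]:
            flow["holes"].append((last + 1, hole[1]))
        flow["data"][first] = payload
        self.used += len(payload)
        if flow["holes"]:
            return ("pending", None)
        datagram = b"".join(p for _, p in sorted(flow["data"].items()))
        self._discard(key)
        return ("complete", datagram)
```

Fragments may arrive in any order; the datagram is released only when the hole list is empty, and every drop frees whatever was buffered for that datagram.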

p. 153
The author says ``Although most systems do not support the path MTU discovery feature ...''. These days, most TCPs do support it.
p. 159
NFS systems that display the ARP timeout bug listed here often have the feature that, after a pause, e.g. lunch, one is greeted on resuming use by a sequence of
    NFS server XXX not responding: still trying
    NFS server XXX OK
errors, as the ARP cache is repopulated.

James Davenport 2004-03-09