[Snort-users] bad frag bits
mkettler at ...4108...
Tue Nov 25 08:11:13 EST 2003
At 04:00 PM 11/24/2003, Samuel C. Adams wrote:
>Usually these udp packets are fairly large and it's possible they have
>to travel over a link with low MTU at some point. Is it possible to fragment
>packets if the don't fragment bit is set?
Yes it's possible.. it's not RFC compliant, but it is possible.
>Are there routers out there that do that?
>I thought routers were supposed to send ICMP code 3 type 4 messages
>(Fragmentation Needed and Don't Fragment was Set) if they are forced to
>deal with packets out that are too large. Is that not always the case?
No it's not always the case.. there are a lot of broken IP stacks out there.
More information about the Snort-users