[155074] in North American Network Operators' Group
Re: DDoS using port 0 and 53 (DNS)
daemon@ATHENA.MIT.EDU (sthaug@nethelp.no)
Wed Jul 25 02:14:00 2012
Date: Wed, 25 Jul 2012 08:13:20 +0200 (CEST)
To: mysidia@gmail.com
From: sthaug@nethelp.no
In-Reply-To: <CAAAwwbUoQ8efXKfig+4DgXOLWY+mhu-O4Mtbf=UJdf6vyX9aaw@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> The port number of the Layer 4 connection cannot be determined without
> executing IP fragment reassembly in that case. Routers normally
> reassemble fragments they receive, if possible.
No, routers normally do *not* reassemble fragments. This is typically
done by hosts and firewalls.
Steinar Haug, Nethelp consulting, sthaug@nethelp.no
