
IP Fragments

When an IP packet is too big to be transported by a network link, it is split into several smaller IP packets and transmitted in fragments. To conceal a known attack or exploit, an attacker might imitate this common behavior and break the data section of a single packet into several fragmented packets. Without reassembling the fragments, it is not always possible to detect such an attack. Therefore, the ZoneAlarm router always reassembles all the fragments of a given IP packet, before inspecting it to make sure there are no attacks or exploits in the packet.

You can configure how fragmented packets should be handled.

IP Fragments Fields

In this field…

Do this…

Forbid IP Fragments

Specify whether all fragmented packets should be dropped, by selecting one of the following:

  • True. Drop all fragmented packets.
  • False. No action. This is the default.

Under normal circumstances, it is recommended to leave this field set to False. Setting this field to True may disrupt Internet connectivity, because legitimate fragmented packets are dropped along with everything else.

Max Number of Incomplete Packets

Type the maximum number of incomplete (partially reassembled) packets allowed at one time. Packets exceeding this threshold will be dropped.

The default value is 300.

Timeout for Discarding Incomplete Packets

When the ZoneAlarm router receives packet fragments, it waits for additional fragments to arrive, so that it can reassemble the packet. Type the number of seconds to wait before discarding incomplete packets.

The default value is 10.

Track

Specify whether to log fragmented packets, by selecting one of the following:

  • Log. Log all fragmented packets.
  • None. Do not log the fragmented packets. This is the default.
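The reassemble-before-inspect behaviour and the three settings above, modelled in Python as an added illustration that is not part of the ZoneAlarm documentation or product. The fragments, the byte-offset convention (real IP fragment offsets are in 8-octet units) and the inspection signature are constructed for the example.

```python
from dataclasses import dataclass, field
@dataclass
class Fragment:                   # offset in bytes here; real IP uses 8-octet units
    src: str; dst: str; ident: int; offset: int; more: bool; data: bytes
@dataclass
class Reassembler:
    forbid_fragments: bool = False   # "Forbid IP Fragments"
    max_incomplete: int = 300        # "Max Number of Incomplete Packets"
    timeout: float = 10.0            # "Timeout for Discarding Incomplete Packets" (seconds)
    pending: dict = field(default_factory=dict)
    dropped: int = 0
    def expire(self, now):
        """Discard incomplete packets that have waited longer than the timeout."""
        for key in [k for k, e in self.pending.items() if now - e["first"] > self.timeout]:
            del self.pending[key]
            self.dropped += 1
    def feed(self, f, now):
        """Return the whole payload once every fragment is present, else None."""
        self.expire(now)
        if f.offset == 0 and not f.more:
            return f.data                            # not fragmented at all
        if self.forbid_fragments:
            self.dropped += 1
            return None
        key = (f.src, f.dst, f.ident)
        entry = self.pending.get(key)
        if entry is None:
            if len(self.pending) >= self.max_incomplete:
                self.dropped += 1                    # table full: drop the newcomer
                return None
            entry = self.pending[key] = {"parts": {}, "first": now, "total": None}
        entry["parts"][f.offset] = f.data
        if not f.more:
            entry["total"] = f.offset + len(f.data)  # last fragment fixes the length
        if entry["total"] is None:
            return None
        buf = b""
        for off in sorted(entry["parts"]):           # must tile with no hole or overlap
            if off != len(buf):
                return None
            buf += entry["parts"][off]
        if len(buf) != entry["total"]:
            return None
        del self.pending[key]                        # complete: now inspect, then forward
        return buf

def has_signature(payload, signature=b"EVIL-PATTERN"):
    """Constructed stand-in for the router's post-reassembly inspection."""
    return signature in payload
```

Inspecting each fragment on its own misses a pattern split across the fragment boundary; only the reassembled payload returned by `feed` exposes it.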

See Also

IP and ICMP

Packet Sanity

Max Ping Size

Network Quota

Welchia

Cisco IOS DOS

Null Payload

Checksum Verification