contestada

In fire wall, one approach to defeating the tiny fragment attack is to enforce a minimum length of the transport header that must be contained in the first fragment of an IP packet. If the first fragment is rejected, all subsequent fragments can be rejected. However, the nature of IP is such that fragments may arrive out of order. Thus, an intermediate fragment may pass through the filter before the initial fragment is rejected. How can this situation be handled?

Respuesta :

In order to handle the scenario that's illustrated, it's important for the interesting header files to be forced outside the zero offset fragment.

It should be noted that in a firewall, a way to defeat the tiny fragment attack is to enforce a minimum length of the transport header.

Therefore, to handle the situation that's depicted, during the fragmentation of TCP IP packets, there are header files that are forced outside of the zero-offset fragment.

In the extracted fragments, a fragment with FO = 1 must exist. When the packet has its carrying FO = 1, it shows the presence of a zero-offset fragment, and discarding the packet will lead to the blocking of reassembly at the receiving host.

Read related link on:

https://brainly.com/question/25689557

Otras preguntas