Handling of Fragmented Traffic to check for Vulnerability
20725
Created On 09/26/18 13:50 PM - Last Modified 06/06/23 02:45 AM
Resolution
Overview
The firewall is able to recognize attacks carried in fragmented packets. It does so as follows:
- The system buffers the fragments
- Reassembles them into the complete packet
- Checks the reassembled packet for any vulnerability
- Fragments it again and sends it out
The fragmented packets sent out may not exactly match the fragmented packets that came in, especially if the fragments were received out of order.
If the reassembly buffer gets full, there is an option to either allow the fragmented traffic through uninspected or drop it.
This can be set from the CLI, in configuration mode, with the command:
#set deviceconfig setting tcp bypass-exceed-oo-queue
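The buffer, reassemble, inspect and re-fragment pipeline described above, modelled as an added Python example (not PAN-OS code): the signature pattern, the fragment-count limit and the verdict names are constructed for illustration, and the `bypass_exceed_oo_queue` flag stands in for the CLI setting of the same name.

```python
from dataclasses import dataclass

# Constructed byte pattern the inspection step flags (hypothetical; not a real signature).
SIGNATURE = b"EVIL"

@dataclass
class Fragment:
    pkt_id: int   # identifies the original datagram
    offset: int   # byte offset of this piece within that datagram
    data: bytes
    last: bool    # True on the final piece (more-fragments flag clear)

class FragmentInspector:
    """Buffer -> reassemble -> inspect -> re-fragment, with a bounded buffer."""

    def __init__(self, max_queued, bypass_exceed_oo_queue, mtu):
        self.max_queued = max_queued          # buffer capacity, in fragments
        self.bypass = bypass_exceed_oo_queue  # buffer full: allow (True) or drop (False)
        self.mtu = mtu                        # payload size used when re-fragmenting
        self.buffer = {}                      # pkt_id -> fragments waiting for reassembly
        self.queued = 0

    def receive(self, frag):
        """Returns (verdict, fragments to forward)."""
        if self.queued >= self.max_queued:
            # Buffer exhausted: the bypass-exceed-oo-queue setting decides the outcome.
            return ("bypassed", [frag]) if self.bypass else ("dropped", [])
        pieces = self.buffer.setdefault(frag.pkt_id, [])
        pieces.append(frag)
        self.queued += 1
        pieces.sort(key=lambda f: f.offset)   # tolerate out-of-order arrival
        if not self._complete(pieces):
            return ("queued", [])
        payload = b"".join(f.data for f in pieces)
        del self.buffer[frag.pkt_id]          # free the buffer slots
        self.queued -= len(pieces)
        if SIGNATURE in payload:              # inspection sees the whole datagram
            return ("blocked", [])
        # Re-fragment at the configured MTU; pieces need not match the originals.
        out = [Fragment(frag.pkt_id, i, payload[i:i + self.mtu], i + self.mtu >= len(payload))
               for i in range(0, len(payload), self.mtu)]
        return ("forwarded", out)
    @staticmethod
    def _complete(pieces):
        expected = 0
        for f in pieces:
            if f.offset != expected:          # gap or overlap: not reassembled yet
                return False
            expected += len(f.data)
        return pieces[-1].last
```

A signature split across two fragments is only caught once both have arrived, which is why the buffer-full policy matters: bypassing forwards pieces that were never inspected as a whole.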
owner: mbutt