On Sep 13, 2014, at 9:47 PM, Harald Koch <c...@pobox.com> wrote:

> In the 1990s fragmentation-based attacks against IP stacks were very real, it
> took a long time for vendors to fix their stacks completely, and longer to
> get fixes deployed; we didn't have the "patch everything monthly" culture
> firmly established yet.

I remember that time well. The issue wasn't fragmentation, but rather stack implementation. There were ways to ameliorate it, too.

Non-initial fragments are still used in DDoS attacks - either explicitly, or implicitly as part of reflection/amplification attack traffic. But fragmentation itself is not a security issue.

----------------------------------------------------------------------
Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com>

Equo ne credite, Teucri.

-- Laocoön