From: vijay.upadhyaya@gmail.com
Date: Sun Sep 30 2007 - 01:29:27 EDT
In my experience I have found blocking the Fragmented packets at the Gateway as the best solution. Sure you will have trouble with VPN but that issue can be resolved by proper network architecture having VPN gateway coming through different firewall and allowing only VPN traffic through and Fragmented packets will be allowed.
There was a paper on Internet with some statistics on how much percentage of traffic on the Internet is fragmented .
Hope this helps.
Regards,
Vijay Upadhyaya
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:08 EDT