CPUG: The Check Point User Group - View Single Post - Panic When SecureXL and NAT Are Used and a Malformed Packet Is Received

Thread: Panic When SecureXL and NAT Are Used and a Malformed Packet Is Received

View Single Post

#4 (permalink)

Old

2009-02-04

PhoneBoy is offline

Senior Member

Join Date: 2005-08-14

Location: Gig Harbor, WA, USA

Posts: 809

Rep Power: 5

PhoneBoy has an average reputation (10+)

Default

Re: Panic When SecureXL and NAT Are Used and a Malformed Packet Is Received

The value is number of bytes after the IP header. fwfrag_minsize needs to be 20 to ensure that a complete TCP header is received. This does mean that legitimate UDP fragments with less than 12 data bytes will be dropped if you apply this fix.

Reply With Quote

PhoneBoy

View Public Profile

Send a private message to PhoneBoy

Visit PhoneBoy's homepage!

Find all posts by PhoneBoy