From Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Part of SRG-NET-000401-IDPS-00203
Associated with: CCI-001310
Packet fragmentation is allowed by the TCP/IP specifications and is encouraged in situations where it is needed. However, packet fragmentation has been used to make some attacks harder to detect (by placing them within fragmented packets), and unusual fragmentation has also been used as a form of attack. For example, some network-based attacks have used packets that should not exist in normal communications, such as sending some fragments of a packet but not the first fragment, or sending packet fragments that overlap each other. These, and other types of packet fragmentation, aim to evade the IDPS.
Verify the IDPS, for fragmented packets, either blocks the packets or properly reassembles the packets before inspecting and forwarding. For fragmented packets, if the IDPS does not either block the packets or properly reassemble the packets before inspecting and forwarding, this is a finding.
Configure the IDPS to, for fragmented packets, either block the packets or properly reassemble the packets before inspecting and forwarding.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer