Fragmentedicmp, Minimumfraglength, Reasstimeout – D-Link DFL-2500 User Manual

Page 322: Reasstimelimit, Reassdonelinger, Reassillegallinger

Advertising
background image

not match up. Possible settings are as follows:

NoLog - No logging is carried out under normal circumstances.

LogSuspect - Logs duplicated fragments if the reassembly procedure has been affected by
"suspect" fragments.

LogAll - Always logs duplicated fragments.

Default: LogSuspect

FragmentedICMP

Other than ICMP ECHO (Ping), ICMP messages should not normally be fragmented as they contain
so little data that fragmentation should never be necessary. FragmentedICMP determines the action
taken when NetDefendOS receives fragmented ICMP messages that are not either ICMP ECHO or
ECHOREPLY.

Default: DropLog

MinimumFragLength

MinimumFragLength determines how small all fragments, with the exception of the final fragment,
of a packet can be. Although the arrival of too many fragments that are too small may cause
problems for IP stacks, it is usually not possible to set this limit too high. It is rarely the case that
senders create very small fragments. However, a sender may send 1480 byte fragments and a router
or VPN tunnel on the route to the recipient subsequently reduce the effective MTU to 1440 bytes.
This would result in the creation of a number of 1440 byte fragments and an equal number of 40
byte fragments. Because of potential problems this can cause, the default settings in NetDefendOS
has been designed to allow the smallest possible fragments, 8 bytes, to pass. For internal use, where
all media sizes are known, this value can be raised to 200 bytes or more.

Default: 8 bytes

ReassTimeout

A reassembly attempt will be interrupted if no further fragments arrive within ReassTimeout
seconds of receipt of the previous fragment.

Default: 65 seconds

ReassTimeLimit

A reassembly attempt will always be interrupted ReassTimeLimit seconds after the first received
fragment arrived.

Default: 90 seconds

ReassDoneLinger

Once a packet has been reassembled, NetDefendOS is able to remember this for a short period of
time in order to prevent further fragments, for example old duplicate fragments, of that packet from
arriving.

Default: 20 seconds

ReassIllegalLinger

FragmentedICMP

Chapter 13. Advanced Settings

322

Advertising
Popular Brands
Popular manuals