Question Regarding Firewall Settings on Linksys Gateway-Router

Hi,

Aside from turning the firewall feature on (Stateful Packet Inspection), and enabling Block Anonymous Internet Requests, should I turn on Block Fragmented IP Packets, and Filter Multicast?

What would be the upside and downside to turning those two features on?

Thanks, from a newbie.

Kyle


Disclaimer: I have no experience or knowledge with Linksys stuff in general, and you didn't post the specific model, so you'll be given a platform-agnostic answer.

Fragmented IP packets are sometimes (though not often) seen as part of legitimate connections. I have, personally, encountered them as part of IPsec connections (to be more precise - as part of an ISAKMP negotiation involving rather large certificates between OpenBSD or Linux/KAME and a third host, respectively Linux/KAME and Windows XP); obviously, blocking fragments will block the application. It is better, from a technical networking point of view, to allow such legal traffic as fragmented IP, and at times, not allowing it will break stuff in mysterious ways. OTOH, I have only encountered breakage while doing advanced things (c.q. IPsec). The downside is that quite a few fragmented packets are just scans, and that reassembling packets takes a bit of memory and processing power. The gateway may do that itself, or leave it to the hosts beyond. In the first case, there's a possibility of exhausting the memory (though a properly designed appliance will drop fragments in preference of going down); in the second case, there is some possibility for scanning. Though only if the packets are sent there in the first case, and the router does not properly implement access control for fragments.

All in all, this does not matter too much either way. My gut feeling says to leave it enabled, as it's correct behaviour, but do what you please - it's unlikely to matter. There might, in some circumstances, be some small security benefit to disabling it, though.

Multicast is the same category. There are some multicast applications on the internet, usually involved in sharing lots of streaming content or the like, but it does open one more protocol to the world. Since multicast is not part of the protocols most people use daily, I'd disable this. Of course, if you use any applications that require multicast, enable it... and it doesn't hurt much either way.

Joachim

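To make the trade-off in Joachim's reply concrete, here is an added example (not from the thread, and not Linksys code; nobody in the thread posted the router's actual rule logic). It parses the fixed IPv4 header of a few constructed packets and applies the two settings under discussion: "filter multicast" becomes a check of the destination against 224.0.0.0/4, and "block fragmented IP packets" is shown in both positions. When fragments are allowed, the example also shows what "access control for fragments" can mean in practice: the RFC 1858 minimum-first-fragment rule and the RFC 3128 fragment-offset-1 rule for TCP, so that a fragmented packet cannot hide its TCP header from a filter that only inspects the first fragment. Packet contents, addresses, the `MIN_FIRST_FRAGMENT` threshold and all function names are constructed for this example; the checksum field is left at zero and reassembly (the memory-exhaustion side of the reply) is not modelled.

```python
import ipaddress
import struct

# Constructed policy constants (assumptions for this example).
MULTICAST_NET = ipaddress.ip_network("224.0.0.0/4")   # IPv4 multicast range
MIN_FIRST_FRAGMENT = 16   # bytes of transport payload a first TCP fragment must carry (RFC 1858 tmin)
PROTO_TCP, PROTO_UDP = 6, 17
IPV4_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header, RFC 791


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the fixed IPv4 header and return the fields a fragment/multicast filter needs."""
    if len(pkt) < 20:
        raise ValueError("packet shorter than an IPv4 header")
    ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum, src, dst = struct.unpack(IPV4_FMT, pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise ValueError("not an IPv4 packet")
    more_fragments = bool((flags_frag >> 13) & 0x1)   # MF flag is the low bit of the 3-bit flags field
    frag_offset = (flags_frag & 0x1FFF) * 8             # offset is stored in 8-byte units
    return {
        "src": ipaddress.IPv4Address(src),
        "dst": ipaddress.IPv4Address(dst),
        "proto": proto,
        "ident": ident,
        "mf": more_fragments,
        "offset": frag_offset,
        "is_fragment": more_fragments or frag_offset > 0,
        "payload_len": total_len - ihl,
    }


def decide(pkt: bytes, block_fragments: bool, filter_multicast: bool) -> str:
    """Apply the two gateway settings to one packet and return the verdict with its reason."""
    hdr = parse_ipv4(pkt)
    if filter_multicast and hdr["dst"] in MULTICAST_NET:
        return "drop: multicast"
    if not hdr["is_fragment"]:
        return "accept"
    if block_fragments:
        # The blunt setting: every fragment is dropped, including the legitimate
        # large ISAKMP exchange described in the reply.
        return "drop: fragment"
    # Fragments allowed, but with access control so the transport header cannot be hidden:
    if hdr["proto"] == PROTO_TCP and hdr["offset"] == 0 and hdr["payload_len"] < MIN_FIRST_FRAGMENT:
        return "drop: tiny first fragment"       # RFC 1858: first fragment must hold the TCP header
    if hdr["proto"] == PROTO_TCP and hdr["offset"] == 8:
        return "drop: fragment offset 1"         # RFC 3128: offset 1 could overwrite the TCP flags
    return "accept: fragment"


def build_ipv4(src: str, dst: str, proto: int, ident: int, mf: bool, offset_bytes: int, payload: bytes) -> bytes:
    """Construct a minimal IPv4 packet for testing (checksum deliberately left at 0)."""
    flags_frag = ((1 if mf else 0) << 13) | (offset_bytes // 8)
    header = struct.pack(IPV4_FMT, (4 << 4) | 5, 0, 20 + len(payload), ident, flags_frag, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload


# Constructed sample traffic (documentation addresses, contents are zero-filled placeholders).
SAMPLE_PACKETS = {
    "plain_tcp":           build_ipv4("198.51.100.7", "192.0.2.10", PROTO_TCP, 1, False, 0, b"\x00" * 20),
    "multicast_udp":       build_ipv4("198.51.100.7", "239.255.255.250", PROTO_UDP, 2, False, 0, b"\x00" * 8),
    "isakmp_first_frag":   build_ipv4("198.51.100.7", "192.0.2.10", PROTO_UDP, 3, True, 0, b"\x00" * 1480),
    "isakmp_last_frag":    build_ipv4("198.51.100.7", "192.0.2.10", PROTO_UDP, 3, False, 1480, b"\x00" * 200),
    "tiny_tcp_first_frag": build_ipv4("198.51.100.7", "192.0.2.10", PROTO_TCP, 4, True, 0, b"\x00" * 8),
    "tcp_frag_offset_1":   build_ipv4("198.51.100.7", "192.0.2.10", PROTO_TCP, 4, False, 8, b"\x00" * 16),
}


def evaluate(block_fragments: bool, filter_multicast: bool) -> dict:
    """Run every sample packet through the policy and map packet name to verdict."""
    return {name: decide(pkt, block_fragments, filter_multicast) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for settings in ((True, True), (False, False)):
        print(f"block_fragments={settings[0]} filter_multicast={settings[1]}")
        for name, verdict in evaluate(*settings).items():
            print(f"  {name:22s} {verdict}")
```

Running it prints the verdict for each packet under both setting combinations: with both features on, the multicast packet and every fragment are dropped, which includes the large-certificate ISAKMP exchange the reply mentions; with both off, that exchange passes while the two fragment patterns that could evade a header-inspecting filter are still dropped by the per-fragment checks. Whether the Linksys "Block Fragmented IP Packets" option behaves like the blunt branch or like the checked branch is not stated in the thread, which is why the reply calls its answer platform-agnostic.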

snipped-for-privacy@math.uu.nl wrote in news:43935322$0$33780$ snipped-for-privacy@news.wanadoo.nl:

Thanks Joachim!

Kyle

