Bugtraq mailing list archives
Re: ICMP fragmentation required but DF set problems.
From: Pavel Kankovsky <peak () ARGO TROJA MFF CUNI CZ>
Date: Sun, 21 Jan 2001 16:40:53 +0100
On Mon, 15 Jan 2001, antirez wrote:
It's possible to slowdown (a lot) connections between two arbirary hosts (but at least one with the PMTU discovery enabled) using some spoofed TCP/IP packet. Maybe you can do more against some TCP/IP stack.
...
There isn't a clear solution.
PMTU discovery is used by TCP (primarily if not exclusively). Isn't it possible to 1. check TCP sequence numbers in ICMP frag. needed messages generated as a response to a TCP datagram (in the same way they should be checked on any ICMP dest. unreachable to prevent a trivial DoS), 2. disregard any other ICMP frag. needed message? --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
Current thread:
- ICMP fragmentation required but DF set problems. antirez (Jan 15)
- Re: ICMP fragmentation required but DF set problems. Ofir Arkin (Jan 16)
- Re: ICMP fragmentation required but DF set problems. antirez (Jan 16)
- Re: ICMP fragmentation required but DF set problems. Peter Mathiasson (Jan 16)
- Re: ICMP fragmentation required but DF set problems. Pavel Kankovsky (Jan 22)
- Re: ICMP fragmentation required but DF set problems. antirez (Jan 23)
- <Possible follow-ups>
- Re: ICMP fragmentation required but DF set problems. Niels Provos (Jan 23)
- Re: ICMP fragmentation required but DF set problems. antirez (Jan 23)
- Re: ICMP fragmentation required but DF set problems. Mark . Andrews (Jan 24)
- Re: ICMP fragmentation required but DF set problems. Felix von Leitner (Jan 25)
- Re: ICMP fragmentation required but DF set problems. Ofir Arkin (Jan 16)