Bugtraq mailing list archives
RE: Small TCP packets == very large overhead == DoS?
From: "David LeBlanc" <dleblanc () mindspring com>
Date: Mon, 9 Jul 2001 08:49:37 -0700
-----Original Message-----
From: Darren Reed [mailto:avalon () coombs anu edu au]
Following on from this, it occurs to me that the problem with the above can possibly be reproduced with TCP. How? That thing called "maximum segment size". The problem? Well, the first is that there does not appear to be a minimum. The second is that it is negotiated by the caller, not callee. Did I hear someone say "oh dear"?
<snip>
I can't see anything in the registry or MSDN which says what it is for Windows. By experimentation, Win2000 appears to be 88, NT 4 appears to be 1
Windows NT (at least back to 4.0) and Win2k provide a registry key setting that is generally recommended when using the system in a hostile environment - from the NT 4.0 resource kit documentation:

============================================================
EnablePMTUDiscovery REG_DWORD 0 | 1
Default: 1

Determines whether TCP uses a fixed, default maximum transmission unit (MTU) or attempts to detect the actual MTU.

Value  Meaning
0      TCP uses an MTU of 576 bytes for all connections to computers outside the local subnet.
1      TCP attempts to discover the MTU of the path to a remote host.

By discovering the Path MTU and limiting TCP segments to this size, TCP can eliminate fragmentation at routers along the path that connects networks with different MTUs. Fragmentation reduces TCP throughput and increases network congestion.

Note
Windows NT does not add this value to the Registry. You can add it by editing the Registry or by using a program that edits the Registry.
===========================================================

This value should be put into HKLM\System\CurrentControlSet\Services\TcpIP\Parameters

David LeBlanc
dleblanc () mindspring com
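Added example, not part of either message above: Python that extracts the MSS option from a raw TCP SYN header and flags values below a floor, together with the header-to-payload overhead such an MSS implies. The 536-byte floor (the 576-byte MTU quoted above minus 40 bytes of IPv4 and TCP headers), the function names and the constructed sample segments are assumptions made for illustration.

```python
import struct

IP_TCP_HEADERS = 40                 # 20-byte IPv4 + 20-byte TCP header, no options
MSS_FLOOR = 576 - IP_TCP_HEADERS    # assumed alert threshold (536 bytes)

def syn_mss(tcp: bytes):
    """Return the MSS option of a raw TCP header, or None when the
    segment is not a SYN, is truncated, or carries no MSS option."""
    if len(tcp) < 20:
        return None
    data_offset = (tcp[12] >> 4) * 4            # header length in bytes
    if not tcp[13] & 0x02 or not 20 <= data_offset <= len(tcp):
        return None
    opts, i = tcp[20:data_offset], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                           # end of option list
            break
        if kind == 1:                           # NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            break                               # length byte missing
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                               # malformed option
        if kind == 2 and length == 4:           # MSS option
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def check_syn(tcp: bytes):
    """Return (mss, header bytes per payload byte) for a SYN whose
    advertised MSS is below MSS_FLOOR, otherwise None."""
    mss = syn_mss(tcp)
    if mss is None or mss >= MSS_FLOOR:
        return None
    return mss, (IP_TCP_HEADERS / mss if mss else float("inf"))

def make_syn(mss: int) -> bytes:
    """Constructed sample: 24-byte SYN header (ports 40000 -> 80) with an MSS option."""
    fixed = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 6 << 4, 0x02, 65535, 0, 0)
    return fixed + struct.pack("!BBH", 2, 4, mss)

if __name__ == "__main__":
    for mss in (1460, 88, 1):                   # 88 and 1 are the values reported above
        print(mss, check_syn(make_syn(mss)))
```
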