Bugtraq mailing list archives
RE: Small TCP packets == very large overhead == DoS?
From: Franck Martin <franck () sopac org>
Date: 10 Jul 2001 18:32:45 +1200
Please note that about 5% of the machines out there do not understand an MTU different than 1500, because some firewalls blocks all ICMP packets instead of sending back the ICMP packet with the recommended MTU. I explain further. You have a client machine A, a router A with MTU 576, another router B, a firewall B and a web server B with MTU 1500 and MTU discovery. You request a page to server B, server B send the packet with more than 576 bytes and the don't fragment flag. Router A drop the packet and send back an ICMP packet back to server B with the MTU required to pass router A. Firewall B drops the ICMP packet. Server B does not learn that his packet nver reached. The case is true if router A drop the packet and don't send an ICMP. We have a black hole router. Do not filter all ICMP packets! In NT you can enable BlackHole router discovery (cf below) Cheers. On 09 Jul 2001 08:49:37 -0700, David LeBlanc wrote:
============================================================ EnablePMTUDiscovery REG_DWORD 0 | 1 Default: 1 Determines whether TCP uses a fixed, default maximum transmission unit
(MTU)
or attempts to detect the actual MTU. Value Meaning 0 TCP uses an MTU of 576 bytes for all connections to computers
outside the
local subnet. 1 TCP attempts to discover the MTU of the path to a remote host. By discovering the Path MTU and limiting TCP segments to this size,
TCP can
eliminate fragmentation at routers along the path that connects
networks
with different MTUs. Fragmentation reduces TCP throughput and
increases
network congestion.
Current thread:
- Re: Small TCP packets == very large overhead == DoS?, (continued)
- Re: Small TCP packets == very large overhead == DoS? Pavel Machek (Jul 15)
- Re: Small TCP packets == very large overhead == DoS? Crist Clark (Jul 19)
- Re: Small TCP packets == very large overhead == DoS? Eric Vyncke (Jul 09)
- RE: Small TCP packets == very large overhead == DoS? Russ (Jul 09)
- Re: Small TCP packets == very large overhead == DoS? Darren Reed (Jul 10)
- RE: Small TCP packets == very large overhead == DoS? David LeBlanc (Jul 10)
- Re: Small TCP packets == very large overhead == DoS? Darren Reed (Jul 10)
- Re: Small TCP packets == very large overhead == DoS? gregory duchemin (Jul 09)
- Re: Small TCP packets == very large overhead == DoS? Darren Reed (Jul 09)
- Re: Small TCP packets == very large overhead == DoS? John Kristoff (Jul 10)
- Re: Small TCP packets == very large overhead == DoS? Brett Lymn (Jul 10)
- RE: Small TCP packets == very large overhead == DoS? Franck Martin (Jul 10)
- Re: Small TCP packets == very large overhead == DoS? Crist Clark (Jul 18)
- Re: Small TCP packets == very large overhead == DoS? Pavel Machek (Jul 15)