Bugtraq mailing list archives
RE: Small TCP packets == very large overhead == DoS?
From: "David LeBlanc" <dleblanc () mindspring com>
Date: Tue, 10 Jul 2001 01:04:36 -0700
From: Darren Reed [mailto:avalon () coombs anu edu au]
> In some mail from Russ, sie said:
> I think some people are not understanding the difference between the TCP MSS and IP's MTU. Either that or both you and David LeBlanc are grasping at straws in order to make WindowsNT look better ;)
I understand that difference. I'm not grasping at straws, I'm just wrong. Ooops. This happens occasionally. <struggles to get foot out of mouth...>
> MTU and Path MTU (PMTU) discovery are not the same as TCP's MSS but they can and do impact it.
Understood. I was hoping that if you turned off PMTU discovery, that it would also ignore MSS and just send default sized packets. Unfortunately, I don't think that's the case. Doh!
> Given all of the above, the suggestion both you and David LeBlanc made that Windows fixed things at a default of 576 when PMTU discovery was enabled is not true and I proved this in testing.
OK, OK, you win. I'm sure you meant to write: "when PMTU discovery was DISabled"
> and so on. Essentially, on both of those platforms all it does is control whether the "don't fragment" bit (0x4000) is set in the IP offset field.
Actually, a bit more than that - it also means that it drops the rest of the PMTU discovery process and uses a default value, apparently unless the client specifies something else. <falls back, punts...>
> I get the same lack of an answer on how to set a minimum acceptable MSS now as I did then.
I'll see what I can come up with.
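An added example, not part of the thread: a Python parser that reads the two fields discussed above, the DF bit (0x4000) in the IP flags/offset field and the TCP MSS option, from a raw IPv4 SYN and flags an MSS below a chosen floor. The function names, the 536-byte floor and the sample packets are assumptions constructed for illustration.

```python
import struct

DF_FLAG = 0x4000   # "don't fragment" bit in the IP flags/fragment-offset field
MIN_MSS = 536      # assumed policy floor: 576-byte datagram minus 40 header bytes

def inspect_syn(packet: bytes, min_mss: int = MIN_MSS) -> dict:
    """Report the DF bit, the advertised MSS and the resulting header overhead."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    (flags_frag,) = struct.unpack_from("!H", packet, 6)
    if ihl < 20 or packet[9] != 6:
        raise ValueError("bad IP header length or not TCP")
    tcp = packet[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    data_off = (tcp[12] >> 4) * 4
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    opts, mss, i = tcp[20:data_off], None, 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            break
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                          # malformed option: stop parsing
        if kind == 2 and length == 4:      # MSS option
            (mss,) = struct.unpack_from("!H", opts, i + 2)
        i += length
    # Fraction of each full-sized segment spent on 40 bytes of IP+TCP headers.
    overhead = None if mss is None else 40 / (40 + mss)
    return {"df": bool(flags_frag & DF_FLAG), "mss": mss,
            "too_small": mss is not None and mss < min_mss,
            "header_overhead": overhead}

def build_syn(mss: int, df: bool = True) -> bytes:
    """Constructed sample: minimal IPv4+TCP SYN with an MSS option, checksums zeroed."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 44, 1, DF_FLAG if df else 0,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 6 << 4, 0x02, 65535, 0, 0)
    return ip + tcp + struct.pack("!BBH", 2, 4, mss)
```

A SYN with no MSS option returns `mss` as `None`, which the function does not treat as too small.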