Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4

[Fernando Gont <fernando () frh utn edu ar>]

At 07:25 p.m. 20/07/2005, Darren Reed wrote:

> In some mail from Fernando Gont, sie said:
> > The IPv4 minimum MTU is 68, and not 576. If you blindly send packets 
> larger
> > than 68 with the DF bit set, in the case there's an intermmediate with an
> > MTU lower that 576, the connection will stall.
>
> And I think you can safely say that if you see any packets trying to
> indicate that the MTU of a link is "68" then you should ignore it.

Yes. But what about 296?



> Ignoring quenches as a problem, if you try to send 10K of data to a
> box that has an MTU of 68, 1200+ packets are required vs less than 10
> for an ethernet MTU.  The problem is 1200 packets require a lot more
> system time to send than 6 or 7.  A different kind of DoS attack.

?
That of "more system time" required was listed as one of the effects of the 
PMTUD attack in one of the e-mails I sent today.
Not sure what you are saying about ICMP Source Quenches....



> I think it is reasonable to say anyone trying to advertise an MTU less
> than 576 has nefarious purposes in mind.

There are still some radio links with MTUs of 296 bytes.