Full Disclosure mailing list archives
Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4
From: Darren Reed <avalon () caligula anu edu au>
Date: Thu, 21 Jul 2005 08:25:49 +1000 (Australia/ACT)
In some mail from Fernando Gont, sie said:
The IPv4 minimum MTU is 68, and not 576. If you blindly send packets larger than 68 with the DF bit set, in the case there's an intermmediate with an MTU lower that 576, the connection will stall.
And I think you can safely say that if you see any packets trying to indicate that the MTU of a link is "68" then you should ignore it. This came up some years ago in discussion about ... hmm... I think it was what made a good (or sensible) "fragmentation required" ICMP message. Ignoring quenches as a problem, if you try to send 10K of data to a box that has an MTU of 68, 1200+ packets are required vs less than 10 for an ethernet MTU. The problem is 1200 packets require a lot more system time to send than 6 or 7. A different kind of DoS attack. I think it is reasonable to say anyone trying to advertise an MTU less than 576 has nefarious purposes in mind. oh, IPv6 guarantees a min. MTU of 1280. Lets just stop using IPv4 already. Darren _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4 - HP-UX TCP/IP Remote Denial of Service (DoS)) Fernando Gont (Jul 19)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4 Darren Reed (Jul 20)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4 Fernando Gont (Jul 20)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 Darren Reed (Jul 21)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 Casper . Dik (Jul 21)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 Fernando Gont (Jul 21)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 Fernando Gont (Jul 21)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 Dana Hudes (Jul 22)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 Darren Reed (Jul 22)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4 Fernando Gont (Jul 20)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4 Darren Reed (Jul 20)