nanog mailing list archives

Re: Path-MTU-discovery


From: "Richard A. Steenbergen" <ras () e-gerbil net>
Date: Mon, 17 Jul 2000 03:12:21 -0400 (EDT)


On Mon, 17 Jul 2000, Mikael Abrahamsson wrote:

> On Mon, 17 Jul 2000, Patrick W. Gilmore wrote:
>
>> Wow, why would the ICMPs get lost?
>
> I think it's because of access lists etc. I am not the one who has
> set it up so I do not know. We've had this problem from two different
> companies (one for our national needs and one for our international
> needs). The international one has solved it with what you mention
> below.

Wouldn't it be unfortunate if the script kiddies decided to do DoS over
ICMP Need-Frag... This is a very bad situation we find ourselves in, you
realize? The quicker we find a way to get rid of this rather bad hack the
better.

Rate-limits of need-frag can help, but many people are still in a
position where their filters leave need-frag wide open and they can't or
aren't currently rate limiting.

The PMTU-D blackhole detection-type checks help keep this current hack
alive a little longer. I'm not currently aware of the extent to which
various OS's implement this kind of thing, any ideas?

-- 
Richard A Steenbergen <ras () e-gerbil net>   http://www.e-gerbil.net/humble
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)
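
The rate limiting of need-frag discussed in the message above, as an added example that is not part of the original post: a token bucket combined with sanity checks on each ICMP type 3 code 4 message before its MTU is applied. The names NeedFragFilter, parse_need_frag, build_need_frag and the MIN_PMTU value are assumptions made for illustration, and the sample messages are constructed.

```python
import struct

MIN_PMTU = 552  # assumed local policy floor; smaller advertised MTUs are ignored

def parse_need_frag(icmp: bytes):
    """Return (next_hop_mtu, orig_src, orig_dst) for ICMP type 3 code 4, else None."""
    if len(icmp) < 8 + 20:            # ICMP header + embedded IPv4 header
        return None
    # Checksum is unpacked but not verified here (assumed done by the receiving stack).
    typ, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    inner = icmp[8:]
    if (typ, code) != (3, 4) or inner[0] >> 4 != 4:
        return None
    return mtu, inner[12:16], inner[16:20]

class NeedFragFilter:
    """Token-bucket rate limit plus sanity checks for incoming need-frag messages."""
    def __init__(self, rate, burst, flows):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0
        self.flows = flows            # (src, dst) pairs this host is really sending on

    def accept(self, icmp: bytes, now: float):
        """Return the path MTU to apply, or None if the message is dropped."""
        parsed = parse_need_frag(icmp)
        if parsed is None:
            return None
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1:           # over the rate limit: drop
            return None
        self.tokens -= 1
        mtu, src, dst = parsed
        if (src, dst) not in self.flows or mtu < MIN_PMTU:
            return None               # not one of our flows, or implausibly small MTU
        return mtu

def build_need_frag(mtu, src, dst):
    """Constructed sample: need-frag quoting a 1500-byte DF-set TCP packet."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0, 0x4000, 64, 6, 0, src, dst)
    return struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + inner + b"\x00" * 8

if __name__ == "__main__":
    a, b = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])   # constructed addresses
    f = NeedFragFilter(rate=1.0, burst=2, flows={(a, b)})
    for t, mtu in [(0.0, 1400), (0.0, 68), (0.0, 1400), (1.0, 1400)]:
        print(t, mtu, f.accept(build_need_frag(mtu, a, b), now=t))
```

Messages that fail the flow or MTU check still consume a token, so a flood of bogus need-frags is bounded by the same rate as valid ones.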



