| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Jul 2005 19:35:55 -0300 From: Fernando Gont <fernando@....utn.edu.ar> To: Darren Reed <avalon@...igula.anu.edu.au> Cc: full-disclosure@...ts.grok.org.uk, Security Alert <secure@...hs.cup.hp.com>, bugtraq@...urityfocus.com Subject: Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4 At 07:25 p.m. 20/07/2005, Darren Reed wrote: >In some mail from Fernando Gont, sie said: > > The IPv4 minimum MTU is 68, and not 576. If you blindly send packets > larger > > than 68 with the DF bit set, in the case there's an intermmediate with an > > MTU lower that 576, the connection will stall. > >And I think you can safely say that if you see any packets trying to >indicate that the MTU of a link is "68" then you should ignore it. Yes. But what about 296? >Ignoring quenches as a problem, if you try to send 10K of data to a >box that has an MTU of 68, 1200+ packets are required vs less than 10 >for an ethernet MTU. The problem is 1200 packets require a lot more >system time to send than 6 or 7. A different kind of DoS attack. ? That of "more system time" required was listed as one of the effects of the PMTUD attack in one of the e-mails I sent today. Not sure what you are saying about ICMP Source Quenches.... >I think it is reasonable to say anyone trying to advertise an MTU less >than 576 has nefarious purposes in mind. There are still some radio links with MTUs of 296 bytes. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists