| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: A new TCP/IP blind data injection technique? On Thu, 11 Dec 2003 10:56:01 +0200, Shachar Shemesh said: > fragment at the place you mention. Most TCP/IP connections employ PMTU > discovery, and then split the stream at layer 4, rather then perform > Layer 3 assembly. I wish it were so. In fact, although many vendors ship with PMTU Discovery enabled, it very often gets turned off due to the extraordinary number of totally clueless sites that do one or more of: 1) Disable all ICMP, so the ICMP Frag Needed packets don't make it back, thus hosing the connection entirely (send too large packet, frag needed, ICMP dropped, timeout, retransmit, lather, rinse, repeat). 2) Number their point-to-points out of RFC1918 space, so the ICMP Frag Needed gets swallowed by some border router that's doing reasonable ingress/egress filtering. Most sites, if they have enough clue to realize the 576-byte default isn't all that hot, will simply nail the MSS to 1472 or so and pray for the best. Yes, that's not reliable either, but it works better than PTMUD does in the real world. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031211/484f51f6/attachment.bin
Powered by blists - more mailing lists