lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 19 Jul 2005 19:09:33 -0300
From: Fernando Gont <fernando@....utn.edu.ar>
To: Security Alert <secure@...hs.cup.hp.com>,bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: (ICMP attacks against TCP) (was Re: HPSBUX01137
 SSRT5954 rev.4 - HP-UX TCP/IP Remote Denial of Service (DoS))


At 08:35 a.m. 19/07/2005, Security Alert wrote:

>  Discussion of ip_pmtu_strategy
>  ----------------------------------
>
>The default value for ip_pmtu_strategy is 1.  This allows for PMTU
>discovery.  Once the issue of this Security Bulletin has been
>resolved via patches the ip_pmtu_strategy value of 1 will again be
>the preferred setting for most situations.
>
>The ip_pmtu_strategy values of 0 and 3 set the PMTU to a fixed
>size for destinations which are not on the local network.
>
>The  ip_pmtu_strategy value of 0 sets the PMTU to 576 bytes.
>Routers are required to handle packets of at least this size.
>
>The ip_pmtu_strategy value of 3 sets the PMTU to 1500 bytes.  This
>will generally result in more efficient transmission than the 576
>byte PMTU.  If it is known that the routers  involved can handle a
>1500 byte MTU the ip_pmtu_strategy value of 3 is preferred.

These assumptions are completely wrong. Please read 
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html

The IPv4 minimum MTU is 68, and not 576. If you blindly send packets larger 
than 68 with the DF bit set, in the case there's an intermmediate with an 
MTU lower that 576, the connection will stall.

576 is the minimum reassembly buffer size. That is the minimum packet size 
every *end-system* should be able to reassemble, and NOT the minimum packet 
size that can get to destination without fragmentation.

Kindest regards,

--
Fernando Gont
e-mail: fernando@...t.com.ar || fgont@....org





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Powered by blists - more mailing lists