[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6.2.0.14.0.20050720193100.038a97d0@pop.frh.utn.edu.ar>
Date: Wed, 20 Jul 2005 19:35:55 -0300
From: Fernando Gont <fernando@....utn.edu.ar>
To: Darren Reed <avalon@...igula.anu.edu.au>
Cc: full-disclosure@...ts.grok.org.uk, Security Alert <secure@...hs.cup.hp.com>,
bugtraq@...urityfocus.com
Subject: Re: (ICMP attacks against TCP) (was Re:
HPSBUX01137 SSRT5954 rev.4
At 07:25 p.m. 20/07/2005, Darren Reed wrote:
>In some mail from Fernando Gont, sie said:
> > The IPv4 minimum MTU is 68, and not 576. If you blindly send packets
> larger
> > than 68 with the DF bit set, in the case there's an intermmediate with an
> > MTU lower that 576, the connection will stall.
>
>And I think you can safely say that if you see any packets trying to
>indicate that the MTU of a link is "68" then you should ignore it.
Yes. But what about 296?
>Ignoring quenches as a problem, if you try to send 10K of data to a
>box that has an MTU of 68, 1200+ packets are required vs less than 10
>for an ethernet MTU. The problem is 1200 packets require a lot more
>system time to send than 6 or 7. A different kind of DoS attack.
?
That of "more system time" required was listed as one of the effects of the
PMTUD attack in one of the e-mails I sent today.
Not sure what you are saying about ICMP Source Quenches....
>I think it is reasonable to say anyone trying to advertise an MTU less
>than 576 has nefarious purposes in mind.
There are still some radio links with MTUs of 296 bytes.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists