[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200507210550.j6L5o3tR025736@caligula.anu.edu.au>
Date: Thu, 21 Jul 2005 15:50:03 +1000 (Australia/ACT)
From: Darren Reed <avalon@...igula.anu.edu.au>
To: fernando@....utn.edu.ar (Fernando Gont)
Cc: full-disclosure@...ts.grok.org.uk, Security Alert <secure@...hs.cup.hp.com>,
bugtraq@...urityfocus.com, Darren Reed <avalon@...igula.anu.edu.au>
Subject: Re: (ICMP attacks against TCP) (was Re:
HPSBUX01137 SSRT5954
In some mail from Fernando Gont, sie said:
>
> At 07:25 p.m. 20/07/2005, Darren Reed wrote:
>
> >In some mail from Fernando Gont, sie said:
> > > The IPv4 minimum MTU is 68, and not 576. If you blindly send packets
> > larger
> > > than 68 with the DF bit set, in the case there's an intermmediate with an
> > > MTU lower that 576, the connection will stall.
> >
> >And I think you can safely say that if you see any packets trying to
> >indicate that the MTU of a link is "68" then you should ignore it.
>
> Yes. But what about 296?
>
...
> >I think it is reasonable to say anyone trying to advertise an MTU less
> >than 576 has nefarious purposes in mind.
>
> There are still some radio links with MTUs of 296 bytes.
Go search with google....people still actively use smaller MTUs.
What do you do? Where do you draw the line in the sand?
Darren
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists