Message-ID: <200507202225.j6KMPni9026020@caligula.anu.edu.au>
Date: Thu, 21 Jul 2005 08:25:49 +1000 (Australia/ACT)
From: Darren Reed <avalon@...igula.anu.edu.au>
To: fernando@....utn.edu.ar (Fernando Gont)
Cc: full-disclosure@...ts.grok.org.uk, Security Alert <secure@...hs.cup.hp.com>,
bugtraq@...urityfocus.com
Subject: Re: (ICMP attacks against TCP) (was Re:
HPSBUX01137 SSRT5954 rev.4
In some mail from Fernando Gont, sie said:
> The IPv4 minimum MTU is 68, and not 576. If you blindly send packets larger
> than 68 with the DF bit set, in the case there's an intermediate with an
> MTU lower than 576, the connection will stall.

And I think you can safely say that if you see any packets trying to
indicate that the MTU of a link is "68" then you should ignore it.

This came up some years ago in discussion about ... hmm... I think it
was what made a good (or sensible) "fragmentation required" ICMP message.

Ignoring quenches as a problem, if you try to send 10K of data to a
box that has an MTU of 68, 1200+ packets are required vs less than 10
for an ethernet MTU. The problem is 1200 packets require a lot more
system time to send than 6 or 7. A different kind of DoS attack.

I think it is reasonable to say anyone trying to advertise an MTU less
than 576 has nefarious purposes in mind.

Oh, IPv6 guarantees a min. MTU of 1280.

Let's just stop using IPv4 already.

Darren
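
The receive-side check suggested in the message above (ignore any "fragmentation required" ICMP message that advertises an MTU below 576), written out as an added example; it is not part of the original message or taken from any TCP/IP stack. The names `pmtu_check`, `build_sample` and the verdict values are hypothetical, and the next-hop MTU field position is the one defined in RFC 1191.

```c
#include <stdint.h>
#include <string.h>

#define PMTU_FLOOR 576  /* threshold proposed in the message; a policy choice, not a standard */
#define MIN_LEN 36      /* 8 ICMP + 20 embedded IPv4 header + 8 bytes of its payload */
enum pmtu_verdict { PMTU_ACCEPT, PMTU_MALFORMED, PMTU_NOT_FRAG_NEEDED,
                    PMTU_NO_MTU_FIELD, PMTU_BELOW_FLOOR, PMTU_NOT_A_DECREASE };

/* RFC 1071 Internet checksum; over a message with a valid checksum it returns 0. */
static uint16_t inet_csum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2)
        sum += (uint32_t)p[0] << 8 | p[1];
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* icmp points at the ICMP header (outer IP header already stripped). */
enum pmtu_verdict pmtu_check(const uint8_t *icmp, size_t len,
                             uint16_t cur_pmtu, uint16_t *new_pmtu)
{
    if (icmp == NULL || len < MIN_LEN || inet_csum(icmp, len) != 0)
        return PMTU_MALFORMED;
    if (icmp[0] != 3 || icmp[1] != 4)      /* Destination Unreachable, frag needed */
        return PMTU_NOT_FRAG_NEEDED;
    if ((icmp[8] >> 4) != 4)               /* embedded packet must be IPv4 */
        return PMTU_MALFORMED;
    uint16_t mtu = (uint16_t)(icmp[6] << 8 | icmp[7]);  /* next-hop MTU field */
    if (mtu == 0)                          /* pre-RFC 1191 router: no value supplied */
        return PMTU_NO_MTU_FIELD;
    if (mtu < PMTU_FLOOR)                  /* e.g. an advertised MTU of 68: ignore it */
        return PMTU_BELOW_FLOOR;
    if (mtu >= cur_pmtu)                   /* only a decrease is meaningful */
        return PMTU_NOT_A_DECREASE;
    *new_pmtu = mtu;
    return PMTU_ACCEPT;
}

/* Constructed sample input: a frag-needed message advertising `mtu`. */
void build_sample(uint8_t buf[MIN_LEN], uint16_t mtu)
{
    memset(buf, 0, MIN_LEN);
    buf[0] = 3; buf[1] = 4; buf[8] = 0x45;  /* type, code, embedded IPv4 header start */
    buf[6] = (uint8_t)(mtu >> 8); buf[7] = (uint8_t)mtu;
    uint16_t c = inet_csum(buf, MIN_LEN);
    buf[2] = (uint8_t)(c >> 8); buf[3] = (uint8_t)c;
}
```

A caller would leave the path MTU unchanged for every verdict other than `PMTU_ACCEPT`.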