lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.58.0507212024220.27430@screamer.tcp-ip.info>
Date: Thu, 21 Jul 2005 20:26:38 -0400 (EDT)
From: Dana Hudes <dhudes@...es.org>
To: Darren Reed <avalon@...igula.anu.edu.au>
Cc: Security Alert <secure@...hs.cup.hp.com>, bugtraq@...urityfocus.com,
	full-disclosure@...ts.grok.org.uk
Subject: Re: (ICMP attacks against TCP) (was Re:
	HPSBUX01137 SSRT5954


you will find a range of MTU sizes in radio links of various sorts which 
is not just 802.11 but also cellular including GPRS CDMA and WCDMA.
Now, in many instances there is a proxy between the mobile station and the 
public network. In fact I wrote a powerpoint presentation summarizing such 
a paper on transparent TCP proxy in WCDMA and its on my site 
http://www.networkengineer.biz  (I took a course in wireless 
architecture).


On Thu, 21 Jul 2005, Darren Reed wrote:

> In some mail from Fernando Gont, sie said:
> > 
> > At 07:25 p.m. 20/07/2005, Darren Reed wrote:
> > 
> > >In some mail from Fernando Gont, sie said:
> > > > The IPv4 minimum MTU is 68, and not 576. If you blindly send packets 
> > > larger
> > > > than 68 with the DF bit set, in the case there's an intermmediate with an
> > > > MTU lower that 576, the connection will stall.
> > >
> > >And I think you can safely say that if you see any packets trying to
> > >indicate that the MTU of a link is "68" then you should ignore it.
> > 
> > Yes. But what about 296?
> > 
> ...
> > >I think it is reasonable to say anyone trying to advertise an MTU less
> > >than 576 has nefarious purposes in mind.
> > 
> > There are still some radio links with MTUs of 296 bytes.
> 
> Go search with google....people still actively use smaller MTUs.
> 
> What do you do?  Where do you draw the line in the sand?
> 
> Darren
> 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ