| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6.2.0.14.0.20050720193100.038a97d0@pop.frh.utn.edu.ar> Date: Wed Jul 20 23:35:38 2005 From: fernando at frh.utn.edu.ar (Fernando Gont) Subject: Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4 At 07:25 p.m. 20/07/2005, Darren Reed wrote: >In some mail from Fernando Gont, sie said: > > The IPv4 minimum MTU is 68, and not 576. If you blindly send packets > larger > > than 68 with the DF bit set, in the case there's an intermmediate with an > > MTU lower that 576, the connection will stall. > >And I think you can safely say that if you see any packets trying to >indicate that the MTU of a link is "68" then you should ignore it. Yes. But what about 296? >Ignoring quenches as a problem, if you try to send 10K of data to a >box that has an MTU of 68, 1200+ packets are required vs less than 10 >for an ethernet MTU. The problem is 1200 packets require a lot more >system time to send than 6 or 7. A different kind of DoS attack. ? That of "more system time" required was listed as one of the effects of the PMTUD attack in one of the e-mails I sent today. Not sure what you are saying about ICMP Source Quenches.... >I think it is reasonable to say anyone trying to advertise an MTU less >than 576 has nefarious purposes in mind. There are still some radio links with MTUs of 296 bytes.
Powered by blists - more mailing lists