lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6.2.0.14.0.20050720193100.038a97d0@pop.frh.utn.edu.ar>
Date: Wed Jul 20 23:35:38 2005
From: fernando at frh.utn.edu.ar (Fernando Gont)
Subject: Re: (ICMP attacks against TCP) (was Re:
 HPSBUX01137 SSRT5954 rev.4

At 07:25 p.m. 20/07/2005, Darren Reed wrote:

>In some mail from Fernando Gont, sie said:
> > The IPv4 minimum MTU is 68, and not 576. If you blindly send packets 
> larger
> > than 68 with the DF bit set, in the case there's an intermmediate with an
> > MTU lower that 576, the connection will stall.
>
>And I think you can safely say that if you see any packets trying to
>indicate that the MTU of a link is "68" then you should ignore it.

Yes. But what about 296?



>Ignoring quenches as a problem, if you try to send 10K of data to a
>box that has an MTU of 68, 1200+ packets are required vs less than 10
>for an ethernet MTU.  The problem is 1200 packets require a lot more
>system time to send than 6 or 7.  A different kind of DoS attack.

?
That of "more system time" required was listed as one of the effects of the 
PMTUD attack in one of the e-mails I sent today.
Not sure what you are saying about ICMP Source Quenches....



>I think it is reasonable to say anyone trying to advertise an MTU less
>than 576 has nefarious purposes in mind.

There are still some radio links with MTUs of 296 bytes.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ