lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200507202225.j6KMPni9026020@caligula.anu.edu.au>
Date: Wed Jul 20 23:40:51 2005
From: avalon at caligula.anu.edu.au (Darren Reed)
Subject: Re: (ICMP attacks against TCP) (was Re:
	HPSBUX01137 SSRT5954 rev.4

In some mail from Fernando Gont, sie said:
> The IPv4 minimum MTU is 68, and not 576. If you blindly send packets larger 
> than 68 with the DF bit set, in the case there's an intermmediate with an 
> MTU lower that 576, the connection will stall.

And I think you can safely say that if you see any packets trying to
indicate that the MTU of a link is "68" then you should ignore it.

This came up some years ago in discussion about ... hmm... I think it
was what made a good (or sensible) "fragmentation required" ICMP message.

Ignoring quenches as a problem, if you try to send 10K of data to a
box that has an MTU of 68, 1200+ packets are required vs less than 10
for an ethernet MTU.  The problem is 1200 packets require a lot more
system time to send than 6 or 7.  A different kind of DoS attack.

I think it is reasonable to say anyone trying to advertise an MTU less
than 576 has nefarious purposes in mind.

oh, IPv6 guarantees a min. MTU of 1280.

Lets just stop using IPv4 already.

Darren

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ