Full Disclosure mailing list archives
(ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4 - HP-UX TCP/IP Remote Denial of Service (DoS))
From: Fernando Gont <fernando () frh utn edu ar>
Date: Tue, 19 Jul 2005 19:09:33 -0300
At 08:35 a.m. 19/07/2005, Security Alert wrote:
Discussion of ip_pmtu_strategy ---------------------------------- The default value for ip_pmtu_strategy is 1. This allows for PMTU discovery. Once the issue of this Security Bulletin has been resolved via patches the ip_pmtu_strategy value of 1 will again be the preferred setting for most situations. The ip_pmtu_strategy values of 0 and 3 set the PMTU to a fixed size for destinations which are not on the local network. The ip_pmtu_strategy value of 0 sets the PMTU to 576 bytes. Routers are required to handle packets of at least this size. The ip_pmtu_strategy value of 3 sets the PMTU to 1500 bytes. This will generally result in more efficient transmission than the 576 byte PMTU. If it is known that the routers involved can handle a 1500 byte MTU the ip_pmtu_strategy value of 3 is preferred.
These assumptions are completely wrong. Please read http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
The IPv4 minimum MTU is 68, and not 576. If you blindly send packets larger than 68 with the DF bit set, in the case there's an intermmediate with an MTU lower that 576, the connection will stall.
576 is the minimum reassembly buffer size. That is the minimum packet size every *end-system* should be able to reassemble, and NOT the minimum packet size that can get to destination without fragmentation.
Kindest regards, -- Fernando Gont e-mail: fernando () gont com ar || fgont () acm org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4 - HP-UX TCP/IP Remote Denial of Service (DoS)) Fernando Gont (Jul 19)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4 Darren Reed (Jul 20)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4 Fernando Gont (Jul 20)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 Darren Reed (Jul 21)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 Casper . Dik (Jul 21)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 Fernando Gont (Jul 21)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 Fernando Gont (Jul 21)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 Dana Hudes (Jul 22)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 Darren Reed (Jul 22)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4 Fernando Gont (Jul 20)
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4 Darren Reed (Jul 20)