Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954

From: Fernando Gont <fernando () frh utn edu ar>
Date: Fri, 22 Jul 2005 00:04:52 -0300
At 02:17 p.m. 21/07/2005, Casper.Dik () Sun COM wrote:


>> There are still some radio links with MTUs of 296 bytes.
>
>Go search with google....people still actively use smaller MTUs.
>
>What do you do?  Where do you draw the line in the sand?

Well, the minimum requirement for "you must be able to reassemble this"
is 576; so you use PMTU until you go as low as 576 at which point you
stop using the DF bit


I assume you are not proposing this as the solution to the problem.
If you do, I'd just spoof an ICMP "fragmentation needed and DF bit set" that advertises an MTU lower than 576. 
And then would attack you with IP fragments.

Kindest regards,

--
Fernando Gont
e-mail: fernando () gont com ar || fgont () acm org





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: