nanog mailing list archives

Re: [NANOG] Microsoft.com PMTUD black hole?


From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Wed, 7 May 2008 22:35:14 +0200

On 7 mei 2008, at 21:46, Michael Sinatra wrote:

MS does in fact block _all_ ICMP at the edge of their network, that they
are aware that this will in fact break PMTUD, and that they have no
current plans to change this practice which they have implemented in the
interest of security.

Perhaps they should also block _all_ TCP and UDP as well, and then we can
move on.

I agree with Iljitsch that it happens frequently, but I think I am
justified in expecting more than that from Microsoft.  Anything less
would be unprofessional.

Right.

Now Microsoft is also the company that built the OS that could be
crashed by a maliciously crafted fragmented IP packet, so maybe
there's something to this security policy. (One hopes that this bug
and others like it are now fixed.)

However, in that case the only workable course of action would be TO
DISABLE PATH MTU DISCOVERY!

You can't have your cake and eat it too.
