Security Incidents mailing list archives
Re: MISC Large ICMP Packet
From: Chris Hobbs <chobbs () silvervalley k12 ca us>
Date: Thu, 26 Jul 2001 09:52:10 -0700
Both you and Valdis nailed it - from hostmgr.uiuc.edu: ----- This is hostmgr () uiuc edu. I checked around and found out that vacuum.cso.uiuc.edu is running our list-serv software. I also found out by default, AIX 4.3.x uses large ICMP packets to do some sort of MTU discovery on remote networks. When it becomes a problem, it can be easily disabled, which our system admin has now done on vacuum. ----- Kudos to them for a really fast repsonse - 45 minutes from the time I sent the first e-mail :) Opus wrote:
This is most likely an AIX box which by default has MTU discovery enabled used to discover what size of packets it can send. This can be sdisabled on the AIX box with the following command. This is not intended to be malicious. no -o tcp_pmtu_discover=0
-- Chris Hobbs Silver Valley Unified School District Head geek: Technology Services Coordinator webmaster: http://www.silvervalley.k12.ca.us/~chobbs/ postmaster: chobbs () silvervalley k12 ca us ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- MISC Large ICMP Packet Chris Hobbs (Jul 26)
- Re: MISC Large ICMP Packet Opus (Jul 26)
- Re: MISC Large ICMP Packet Chris Hobbs (Jul 26)
- Re: MISC Large ICMP Packet Valdis . Kletnieks (Jul 26)
- Re: MISC Large ICMP Packet Opus (Jul 26)