Security Incidents mailing list archives

Re: MISC Large ICMP Packet

From: Chris Hobbs <chobbs () silvervalley k12 ca us>
Date: Thu, 26 Jul 2001 09:52:10 -0700

Both you and Valdis nailed it - from hostmgr.uiuc.edu:

-----
This is hostmgr () uiuc edu.  I checked around and found out that
vacuum.cso.uiuc.edu is running our list-serv software.  I also
found out by default, AIX 4.3.x uses large ICMP packets to do 
some sort of MTU discovery on remote networks.  When it becomes 
a problem, it can be easily disabled, which our system admin has
now done on vacuum.
-----

Kudos to them for a really fast repsonse - 45 minutes from the time I
sent the first e-mail :)

Opus wrote:


This is most likely an AIX box which by default has MTU discovery enabled
used to discover what size of packets it can send.  This can be sdisabled
on the AIX box with the following command.  This is not intended to be
malicious.

no -o tcp_pmtu_discover=0


-- 
Chris Hobbs       Silver Valley Unified School District
Head geek:              Technology Services Coordinator
webmaster:   http://www.silvervalley.k12.ca.us/~chobbs/
postmaster:               chobbs () silvervalley k12 ca us

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

MISC Large ICMP Packet Chris Hobbs (Jul 26)
- Re: MISC Large ICMP Packet Opus (Jul 26)
  - Re: MISC Large ICMP Packet Chris Hobbs (Jul 26)
- Re: MISC Large ICMP Packet Valdis . Kletnieks (Jul 26)