nanog mailing list archives

Re: [NANOG] Microsoft.com PMTUD black hole?


From: Bjørn Mork <bjorn () mork no>
Date: Thu, 08 May 2008 09:00:19 +0200

Iljitsch van Beijnum <iljitsch () muada com> writes:

Now Microsoft is also the company that built the OS that could be  
crashed by a maliciously crafted fragmented IP packet, so maybe  
there's something to this security policy. (One hopes that this bug  
and others like it are now fixed.)

Although the fact that Microsoft block all icmp makes me wonder which
unfixed icmp related security holes they know about...  

I am not saying that there are any such holes in current Windows
versions, but I will certainly not use a Windows server in an
environment where I could receive icmp after learning that Microsoft
themselves don't trust Windows' icmp handling.

After all, Microsoft must have a reason to block all icmp.  Or?

However, in that case the only workable course of action would be TO  
DISABLE PATH MTU DISCOVERY!

You can't have your cake and eat it too.

But maybe the death of icmp is worth some sort of ceremony?  Cake or
not. 



Bjørn
