Penetration Testing mailing list archives
ICMP unreachable question
From: "Steve Culligan" <stephen_culligan () hotmail com>
Date: Fri, 26 Oct 2001 11:05:24 +0100
I'm interested in a particular ICMP packet which seems to change the client / servers MTU size.
The scenario is like thisclient----------->Router-vpn-vpn-vpn-vpn-vpn-Router --------------->Firewall ------------->Server
- Client initiates a connection with the server and starts to transmit data.- Router places its ESP header on the packets coming from the server which brings the MTU over the maximum size
- Router sends the following packet back to the server icmp: 172.*.*.* unreachable - need to frag (mtu 1454)- ICMP packet from the router gets blocked by the firewall and the connection is eventually lost as the router cannot handle this MTU size.
butIf the Firewall permits the ICMP packet from the router through to the server, the server will lower its MTU and continue the connection.
So my question is , Can this be used as a denial of service attack to continually send these ICMP packets to a server to confuse it or bring it down. Anybody had any experience with this or know any tools which can generate these ICMP reachable packets ?
Regards, Steve Culligan _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- ICMP unreachable question Steve Culligan (Oct 26)
- Re: ICMP unreachable question Penetration Testing (Oct 29)
- RE: ICMP unreachable question Ofir Arkin (Oct 29)
- Re: ICMP unreachable question Crist J. Clark (Oct 30)