[104346] in North American Network Operators' Group
Re: [NANOG] Microsoft.com PMTUD black hole?
daemon@ATHENA.MIT.EDU (Tomas L. Byrnes)
Wed May 7 16:44:25 2008
Date: Wed, 7 May 2008 13:43:35 -0700
In-Reply-To: <6536F6AA-0810-4255-8116-510FBB9D24A4@muada.com>
From: "Tomas L. Byrnes" <tomb@byrneit.net>
To: "Iljitsch van Beijnum" <iljitsch@muada.com>,
"Michael Sinatra" <michael@rancid.berkeley.edu>
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
Some Edumacation on the topic is here:
http://www.netheaven.com/pmtu.html
> -----Original Message-----
> From: Iljitsch van Beijnum [mailto:iljitsch@muada.com]
> Sent: Wednesday, May 07, 2008 1:35 PM
> To: Michael Sinatra
> Cc: nanog@merit.edu
> Subject: Re: [NANOG] Microsoft.com PMTUD black hole?
>
> On 7 mei 2008, at 21:46, Michael Sinatra wrote:
>
> >> MS does in fact block _all_ ICMP
> >> at the edge of their network, that they are aware that this will in
> >> fact break PMTUD, and that they have no current plans to change this
> >> practice which they have implemented in the interest of security.
>
> > Perhaps
> > they should also block _all_ TCP and UDP as well, and then we can move
> > on.
>
> > I agree with Iljitsch that it happens frequently, but I think I am
> > justified in expecting more than that from Microsoft. Anything less
> > would be unprofessional.
>
> Right.
>
> Now Microsoft is also the company that built the OS that
> could be crashed by a maliciously crafted fragmented IP
> packet, so maybe there's something to this security policy.
> (One hopes that this bug and others like it are now fixed.)
>
> However, in that case the only workable course of action
> would be TO DISABLE PATH MTU DISCOVERY!
>
> You can't have your cake and eat it too.
>
> _______________________________________________
> NANOG mailing list
> NANOG@nanog.org
> http://mailman.nanog.org/mailman/listinfo/nanog
>