[104362] in North American Network Operators' Group
Re: [NANOG] Microsoft.com PMTUD black hole?
daemon@ATHENA.MIT.EDU (Bjørn Mork)
Thu May  8 03:00:33 2008
From: Bjørn Mork <bjorn@mork.no>
To: nanog@merit.edu
Date: Thu, 08 May 2008 09:00:19 +0200
In-Reply-To: <6536F6AA-0810-4255-8116-510FBB9D24A4@muada.com> (Iljitsch van
	Beijnum's message of "Wed, 7 May 2008 22:35:14 +0200")
Errors-To: nanog-bounces@nanog.org
Iljitsch van Beijnum <iljitsch@muada.com> writes:
> Now Microsoft is also the company that built the OS that could be
> crashed by a maliciously crafted fragmented IP packet, so maybe
> there's something to this security policy. (One hopes that this bug
> and others like it are now fixed.)
Although the fact that Microsoft block all icmp makes me wonder which
unfixed icmp related security holes they know about...
I am not saying that there are any such holes in current Windows
versions, but I will certainly not use a Windows server in an
environment where I could receive icmp after learning that Microsoft
themselves don't trust Windows' icmp handling.
After all, Microsoft must have a reason to block all icmp.  Or?
> However, in that case the only workable course of action would be TO
> DISABLE PATH MTU DISCOVERY!
>
> You can't have your cake and eat it too.
But maybe the death of icmp is worth some sort of ceremony?  Cake or
not.
Bjørn