[38915] in North American Network Operators' Group
RE: DDOS anecdotes
daemon@ATHENA.MIT.EDU (Tim Devries)
Sat Jun 23 16:25:18 2001
Message-ID: <05924A4A9DEDAD46A21EE3C8C64B090D2EDEB5@cheetah.zoo.q9networks.com>
From: Tim Devries <Tim.Devries@Q9.com>
To: 'Mikael Abrahamsson' <swmike@swm.pp.se>,
"'nanog@merit.edu'" <nanog@merit.edu>
Date: Sat, 23 Jun 2001 16:24:45 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C0FC22.8C12E608"
Errors-To: owner-nanog-outgoing@merit.edu
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C0FC22.8C12E608
Content-Type: text/plain;
charset="iso-8859-1"
-----Original Message-----
From: Mikael Abrahamsson [mailto:swmike@swm.pp.se]
Sent: Saturday, June 23, 2001 4:16 PM
To: 'nanog@merit.edu'
Subject: RE: DDOS anecdotes
On Sat, 23 Jun 2001, Tim Devries wrote:
> FYI beware of service pack 2. It sets the DF bit so packets cannot
> fragment. Particularily offensive if your server is on the other side of
a
> tunnel (due to the overhead). The solution is to reduce the MTU on the
box.
> Or use a different OS :)
>I thought this was standard behaviour of Microsoft OSes since at least
>Win95. I know NT does this as standard, so does Win95 and 98. Win2k does
>this standard out of the box (at least last time I checked).
I have tested it with sp1 and this behaviour does not occur.
I have not tested it without any serverice packs so you may be correct in
that regard.
Tim Devries
Technical Trainer
Q9 Networks
100% Uptime
------_=_NextPart_001_01C0FC22.8C12E608
Content-Type: text/html;
charset="iso-8859-1"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2650.12">
<TITLE>RE: DDOS anecdotes</TITLE>
</HEAD>
<BODY>
<BR>
<BR>
<P><FONT SIZE=2>-----Original Message-----</FONT>
<BR><FONT SIZE=2>From: Mikael Abrahamsson [<A HREF="mailto:swmike@swm.pp.se">mailto:swmike@swm.pp.se</A>]</FONT>
<BR><FONT SIZE=2>Sent: Saturday, June 23, 2001 4:16 PM</FONT>
<BR><FONT SIZE=2>To: 'nanog@merit.edu'</FONT>
<BR><FONT SIZE=2>Subject: RE: DDOS anecdotes</FONT>
</P>
<BR>
<BR>
<P><FONT SIZE=2>On Sat, 23 Jun 2001, Tim Devries wrote:</FONT>
</P>
<P><FONT SIZE=2>> FYI beware of service pack 2. It sets the DF bit so packets cannot</FONT>
<BR><FONT SIZE=2>> fragment. Particularily offensive if your server is on the other side of a</FONT>
<BR><FONT SIZE=2>> tunnel (due to the overhead). The solution is to reduce the MTU on the box.</FONT>
<BR><FONT SIZE=2>> Or use a different OS :)</FONT>
</P>
<P><FONT SIZE=2>>I thought this was standard behaviour of Microsoft OSes since at least</FONT>
<BR><FONT SIZE=2>>Win95. I know NT does this as standard, so does Win95 and 98. Win2k does</FONT>
<BR><FONT SIZE=2>>this standard out of the box (at least last time I checked).</FONT>
</P>
<BR>
<P><FONT SIZE=2>I have tested it with sp1 and this behaviour does not occur.</FONT>
<BR><FONT SIZE=2>I have not tested it without any serverice packs so you may be correct in that regard.</FONT>
</P>
<P><FONT SIZE=2>Tim Devries</FONT>
<BR><FONT SIZE=2>Technical Trainer</FONT>
<BR><FONT SIZE=2>Q9 Networks</FONT>
<BR><FONT SIZE=2>100% Uptime</FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C0FC22.8C12E608--
