[21437] in bugtraq
RE: Small TCP packets == very large overhead == DoS?
daemon@ATHENA.MIT.EDU (David LeBlanc)
Tue Jul 10 10:39:07 2001
Reply-To: <dleblanc@mindspring.com>
From: "David LeBlanc" <dleblanc@mindspring.com>
To: "'Darren Reed'" <avalon@coombs.anu.edu.au>, <bugtraq@securityfocus.com>
Cc: <Russ.Cooper@rc.on.ca>
Date: Tue, 10 Jul 2001 01:04:36 -0700
Message-ID: <00e301c10917$5fa5be40$0100a8c0@davenet.local>
MIME-Version: 1.0
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
In-Reply-To: <200107092330.JAA00209@caligula.anu.edu.au>
> From: Darren Reed [mailto:avalon@coombs.anu.edu.au]
> In some mail from Russ, sie said:
> I think some people are not understanding the difference between the
> TCP MSS and IP's MTU. Either that or both you and David LeBlanc are
> grasping at straws in order to make WindowsNT look better ;)
I understand that difference. I'm not grasping at straws, I'm just wrong.
Ooops. This happens occasionally.
<struggles to get foot out of mouth...>
> MTU and Path MTU (PMTU) discovery are not the same as TCP's
> MSS but they
> can and do impact it.
Understood. I was hoping that if you turned off PMTU discovery, that it
would also ignore MSS and just send default sized packets. Unfortunately, I
don't think that's the case. Doh!
> Given all of the above, the suggestion both you and David LeBlanc made
> that Windows fixed things at a default of 576 when PMTU discovery was
> enabled is not true and I proved this in testing.
OK, OK, you win.
I'm sure you meant to write: "when PMTU discovery was DISabled"
> and so on. Essentially, on both of those platforms all it does is
> control whether the "don't fragment" bit (0x4000) is set in the IP
> offset field.
Actually, a bit more than that - it also means that it drops the rest of the
PMTU discovery process and uses a default value, apparently unless the
client specifies something else.
<falls back, punts...>
>I get the same lack of an
> answer on how to set a minimum acceptable MSS now as I did then.
I'll see what I can come up with.
