[39791] in bugtraq


Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4

daemon@ATHENA.MIT.EDU (Darren Reed)
Thu Jul 21 15:59:54 2005

From: Darren Reed <avalon@caligula.anu.edu.au>
Message-Id: <200507202225.j6KMPni9026020@caligula.anu.edu.au>
To: fernando@frh.utn.edu.ar (Fernando Gont)
Date: Thu, 21 Jul 2005 08:25:49 +1000 (Australia/ACT)
Cc: secure@hpchs.cup.hp.com (Security Alert), bugtraq@securityfocus.com,
        full-disclosure@lists.grok.org.uk
In-Reply-To: <6.2.0.14.0.20050719180915.04374ea8@pop.frh.utn.edu.ar> from "Fernando Gont" at Jul 19, 2005 07:09:33 PM
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

In some mail from Fernando Gont, sie said:
> The IPv4 minimum MTU is 68, and not 576. If you blindly send packets larger 
> than 68 with the DF bit set, in the case there's an intermediate with an 
> MTU lower than 576, the connection will stall.

And I think you can safely say that if you see any packets trying to
indicate that the MTU of a link is "68" then you should ignore it.

This came up some years ago in discussion about ... hmm... I think it
was what made a good (or sensible) "fragmentation required" ICMP message.

Ignoring quenches as a problem, if you try to send 10K of data to a
box that has an MTU of 68, 1200+ packets are required vs less than 10
for an ethernet MTU.  The problem is 1200 packets require a lot more
system time to send than 6 or 7.  A different kind of DoS attack.

I think it is reasonable to say anyone trying to advertise an MTU less
than 576 has nefarious purposes in mind.

oh, IPv6 guarantees a min. MTU of 1280.

Let's just stop using IPv4 already.

Darren
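
Added example, not part of Darren's message or of any code referenced in this thread: a Python sketch of the policy argued for above, applied to an ICMPv4 "fragmentation needed" message (type 3, code 4, RFC 1191 layout). It parses the message, verifies the ICMP checksum, pulls the flow out of the quoted original packet so a caller can match it against a live connection, and then accepts the advertised next-hop MTU only if it is at or above a floor (576 for IPv4, as the post proposes; 1280 is the IPv6 guaranteed minimum). It also counts the segments a payload needs at a given MTU. Assumptions that are mine, not the post's: 20-byte IPv4 and TCP headers with no options, the constructed sample packet, and the helper names.

```python
"""Sanity checks on ICMPv4 "fragmentation needed" (type 3, code 4) messages.

Added example, not from the original post. Assumptions: 20-byte IPv4 and
TCP headers with no options, and the 576-byte floor the post proposes.
"""
import struct

IPV4_MIN_MTU = 68        # RFC 791: smallest datagram every host must accept
IPV4_PMTU_FLOOR = 576    # floor proposed in the post; lower values are ignored
IPV6_MIN_MTU = 1280      # RFC 8200: guaranteed minimum link MTU for IPv6
IPV4_TCP_HEADERS = 40    # 20-byte IPv4 header + 20-byte TCP header (assumed)


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frag_needed(next_hop_mtu: int, quoted_packet: bytes) -> bytes:
    """Constructed ICMPv4 type 3 / code 4 message: type, code, checksum,
    unused, next-hop MTU, then the offending IP header + 8 payload bytes."""
    unchecked = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + quoted_packet
    csum = inet_checksum(unchecked)
    return struct.pack("!BBHHH", 3, 4, csum, 0, next_hop_mtu) + quoted_packet


def parse_frag_needed(msg: bytes):
    """Return (next_hop_mtu, (src, dst, sport, dport)) for a well-formed
    fragmentation-needed message, or None if it should be dropped."""
    if len(msg) < 8 + 20 + 8:          # ICMP header + quoted IP header + 8 bytes
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    if icmp_type != 3 or code != 4:
        return None
    if inet_checksum(msg) != 0:        # checksum over the whole message must verify
        return None
    quoted = msg[8:]
    ihl = (quoted[0] & 0x0F) * 4
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        return None
    src = ".".join(str(b) for b in quoted[12:16])
    dst = ".".join(str(b) for b in quoted[16:20])
    sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return mtu, (src, dst, sport, dport)


def accept_pmtu(advertised: int, current_pmtu: int,
                floor: int = IPV4_PMTU_FLOOR) -> int:
    """The post's policy: ignore any advertised MTU below `floor`; otherwise
    a fragmentation-needed message may only lower the current PMTU."""
    if advertised < floor:
        return current_pmtu
    return min(advertised, current_pmtu)


def segments_needed(payload_len: int, mtu: int,
                    headers: int = IPV4_TCP_HEADERS) -> int:
    """Segments required to carry payload_len bytes at the given MTU."""
    mss = mtu - headers
    if mss <= 0:
        raise ValueError("MTU %d leaves no room for payload" % mtu)
    return -(-payload_len // mss)      # ceiling division


# Constructed sample: the quoted start of a TCP segment 10.0.0.1:12345 -> 10.0.0.2:80
SAMPLE_QUOTED = (
    struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64, 6, 0,
                bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    + struct.pack("!HHI", 12345, 80, 0)
)

if __name__ == "__main__":
    pmtu = 1500
    for advertised in (1400, IPV4_MIN_MTU, IPV4_PMTU_FLOOR):
        msg = build_frag_needed(advertised, SAMPLE_QUOTED)
        mtu, flow = parse_frag_needed(msg)
        pmtu = accept_pmtu(mtu, pmtu)
        print("advertised %4d for %s -> PMTU now %d" % (mtu, flow, pmtu))
    for mtu in (IPV4_MIN_MTU, IPV4_PMTU_FLOOR, 1500):
        print("10000 bytes at MTU %4d: %d segments" % (mtu, segments_needed(10000, mtu)))
```

The flow tuple returned by `parse_frag_needed` is what a real stack would compare against its connection table before touching any PMTU state; the floor check is the extra filter the message argues for on top of that.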
