Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954
From: Darren Reed <avalon () caligula anu edu au>
Date: Thu, 21 Jul 2005 15:50:03 +1000 (Australia/ACT)

In some mail from Fernando Gont, sie said:

At 07:25 p.m. 20/07/2005, Darren Reed wrote:

In some mail from Fernando Gont, sie said:
The IPv4 minimum MTU is 68, and not 576. If you blindly send packets 
larger
than 68 with the DF bit set, in the case there's an intermmediate with an
MTU lower that 576, the connection will stall.

And I think you can safely say that if you see any packets trying to
indicate that the MTU of a link is "68" then you should ignore it.

Yes. But what about 296?

...
I think it is reasonable to say anyone trying to advertise an MTU less
than 576 has nefarious purposes in mind.

There are still some radio links with MTUs of 296 bytes.

Go search with google....people still actively use smaller MTUs.

What do you do?  Where do you draw the line in the sand?

Darren


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault