mailing list archives
Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4 - HP-UX TCP/IP Remote Denial of Service (DoS))
From: Dennis Lubert <plasmahh () informatik uni-bremen de>
Date: Thu, 21 Jul 2005 19:36:41 +0200
At 00:09 20.07.2005, Fernando Gont wrote:
The IPv4 minimum MTU is 68, and not 576. If you blindly send packets
larger than 68 with the DF bit set, in the case there's an intermmediate
with an MTU lower that 576, the connection will stall.
576 is the minimum reassembly buffer size. That is the minimum packet size
every *end-system* should be able to reassemble, and NOT the minimum
packet size that can get to destination without fragmentation.
To be completely correct
<quote RFC 791>
Every internet module must be able to forward a datagram of 68 octets
without further fragmentation. This is because an internet header my be up
to 60 octets, and the minimum fragment is 8 octets.
Every internet destination must be able to receive a datagram of 576 octets
either in one piece or in fragments to be reassembled.
So 576 is the minimum packet size you can get to a destination without
Carpe quod tibi datum est
- Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4 - HP-UX TCP/IP Remote Denial of Service (DoS)) Dennis Lubert (Jul 22)