|
Bugtraq
mailing list archives
Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954
From: Dana Hudes <dhudes () hudes org>
Date: Thu, 21 Jul 2005 20:26:38 -0400 (EDT)
you will find a range of MTU sizes in radio links of various sorts which
is not just 802.11 but also cellular including GPRS CDMA and WCDMA.
Now, in many instances there is a proxy between the mobile station and the
public network. In fact I wrote a powerpoint presentation summarizing such
a paper on transparent TCP proxy in WCDMA and its on my site
http://www.networkengineer.biz (I took a course in wireless
architecture).
On Thu, 21 Jul 2005, Darren Reed wrote:
In some mail from Fernando Gont, sie said:
At 07:25 p.m. 20/07/2005, Darren Reed wrote:
In some mail from Fernando Gont, sie said:
The IPv4 minimum MTU is 68, and not 576. If you blindly send packets
larger
than 68 with the DF bit set, in the case there's an intermmediate with an
MTU lower that 576, the connection will stall.
And I think you can safely say that if you see any packets trying to
indicate that the MTU of a link is "68" then you should ignore it.
Yes. But what about 296?
...
I think it is reasonable to say anyone trying to advertise an MTU less
than 576 has nefarious purposes in mind.
There are still some radio links with MTUs of 296 bytes.
Go search with google....people still actively use smaller MTUs.
What do you do? Where do you draw the line in the sand?
Darren
 By Date 
By Thread
Current thread:
- (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4 - HP-UX TCP/IP Remote Denial of Service (DoS)), (continued)
|
Intro
