North American Network Operators Group


Re: Path-MTU-discovery

  • From: Richard A. Steenbergen
  • Date: Mon Jul 17 03:16:50 2000

On Mon, 17 Jul 2000, Mikael Abrahamsson wrote:

> On Mon, 17 Jul 2000, Patrick W. Gilmore wrote:
>
> > Wow, why would the ICMPs get lost?
>
> I think it's because of access lists etc. I am not the one who has
> set it up so I do not know. We've had this problem from two different
> companies (one for our national needs and one for our international
> needs). The international one has solved it with what you mention
> below.

Wouldn't it be unfortunate if the script kiddies decided to do DoS over
ICMP Need-Frag... This is a very bad situation we find ourselves in you
realize? The quicker we find a way to get rid of this rather bad hack the
better.

Rate-limits of need-frag can help, but many people are still in a
position where their filters leave need-frag wide open and they can't or
aren't currently rate limiting.

The PMTU-D blackhole detection-type checks help keep this current hack
alive a little longer. I'm not currently aware of the extent to which
various OS's implement this kind of thing, any ideas?

-- 
Richard A Steenbergen <[email protected]>   http://www.e-gerbil.net/humble
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)
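
The rate limit on need-frag mentioned in the message above, as an added example that is not part of the original post: a token bucket applied to ICMP type 3 code 4 (fragmentation needed) messages and run over constructed packets. The rate, burst and all function names are assumptions chosen for illustration.

```python
import struct

ICMP_DEST_UNREACH = 3   # ICMP type 3: Destination Unreachable
ICMP_FRAG_NEEDED = 4    # code 4: fragmentation needed and DF set (RFC 1191)

def parse_need_frag(icmp: bytes):
    """Return the advertised next-hop MTU if icmp is a need-frag message, else None."""
    if len(icmp) < 8:
        return None
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type != ICMP_DEST_UNREACH or code != ICMP_FRAG_NEEDED:
        return None
    return mtu

class NeedFragLimiter:
    """Token bucket: `rate` need-frag messages per second, bursts up to `burst`."""
    def __init__(self, rate: float, burst: int):
        self.rate, self.burst = rate, burst
        # Assumption: timestamps are seconds counted from 0.0.
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def filter_packets(packets, rate=2.0, burst=3):
    """packets: iterable of (timestamp, icmp_bytes). Returns one verdict per packet."""
    limiter = NeedFragLimiter(rate, burst)
    verdicts = []
    for ts, icmp in packets:
        mtu = parse_need_frag(icmp)
        if mtu is None:
            verdicts.append("other")          # not need-frag; left to other policy
        elif limiter.allow(ts):
            verdicts.append(f"accept mtu={mtu}")
        else:
            verdicts.append("rate-limited")   # over budget: drop, do not update PMTU
    return verdicts

def make_need_frag(mtu: int) -> bytes:
    # Constructed sample: ICMP header only, checksum left as 0 for brevity.
    return struct.pack("!BBHHH", ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 0, 0, mtu)

# Constructed traffic: 5 need-frag in 10 ms, one echo request, one need-frag at 2 s.
SAMPLE = [(i * 0.002, make_need_frag(1400)) for i in range(5)]
SAMPLE += [(0.020, struct.pack("!BBHHH", 8, 0, 0, 1, 1)), (2.0, make_need_frag(1400))]
```

Need-frag messages within the budget still reach the stack, so legitimate PMTU discovery keeps working while a flood is capped at the configured rate.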