North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: [NANOG] Microsoft.com PMTUD black hole?
Iljitsch van Beijnum <[email protected]> writes: > Now Microsoft is also the company that built the OS that could be > crashed by a maliciously crafted fragmented IP packet, so maybe > there's something to this security policy. (One hopes that this bug > and others like it are now fixed.) Although the fact that Microsoft block all icmp makes me wonder which unfixed icmp related security holes they know about... I am not saying that there are any such holes in current Windows versions, but I will certainly not use a Windows server in an environment where I could receive icmp after learning that Microsoft themselves don't trust Windows' icmp handling. After all, Microsoft must have a reason to block all icmp. Or? > However, in that case the only workable course of action would be TO > DISABLE PATH MTU DISCOVERY! > > You can't have your cake and eat it too. But maybe the death of icmp is worth some sort of ceremony? Cake or not. Bjørn _______________________________________________ NANOG mailing list [email protected] http://mailman.nanog.org/mailman/listinfo/nanog
|