Date: Fri, 4 Jan 2002 13:26:54 -0800
From: William Carrel <william.carrel@infospace.com>
To: Terry Lambert <tlambert2@mindspring.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: path_mtu_discovery
Message-ID: <C64F7C2E-0159-11D6-9ED7-003065B4E0E8@infospace.com>
In-Reply-To: <3C36149B.B9C02DCF@mindspring.com>

On Friday, January 4, 2002, at 12:46 PM, Terry Lambert wrote:
> William Carrel wrote:
>
>> ipfilter with 'keep state' on the connections will automatically allow
>> back in relevant ICMP messages such as mustfrag.
>
> Heh... I need to try to write a "mustfrag" daemon, which will
> spoof them back whenever it sees traffic... and see what happens.

See now you've made me curious, and I ask myself questions like: How
robust is PMTU-D against someone malicious who wants to make us send
tinygrams? Could the connection eventually be forced down to an MTU so
low that no actual data transfer could occur, or TCP frames with only
one byte of information?

Granted, the malicious person has to send back a valid set of headers
with their ICMP to get through ipfilter; but now I have this bad feeling
lurking in the back of my mind...

The bad feeling is helped along by observing sys/netinet/ip_icmp.c and
the fact that as long as the MTU suggested is greater than 296 bytes we
accept the values of any ICMP mustfrag that comes in provided we have a
host route for it.

I suppose we'll always get a couple hundred bytes in edgewise anyway,
but it all makes for an interesting exercise. I wonder about the
robustness of other operating systems to such an attack...

--
Andy Carrel - william.carrel@infospace.com - +1 (425) 201-8745
Señor Systems Eng. - Corporate Infrastructure Applications - InfoSpace
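
[Added example, not part of the original message and not FreeBSD code: a small C model of the acceptance rule the message describes (host route present, suggested MTU greater than 296) next to a stricter check that also requires the quoted TCP sequence number to be in flight, a countermeasure discussed in RFC 5927. The structs, function names and the caller-supplied floor are hypothetical, and the model assumes 20-byte IPv4 and TCP headers with no options.]

```c
#include <stdbool.h>
#include <stdint.h>

#define DESCRIBED_MIN_MTU 296u /* threshold the message cites from ip_icmp.c */
#define IP_TCP_HDRS       40u  /* 20-byte IPv4 + 20-byte TCP header, no options */

/* Constructed model of a tracked TCP connection (hypothetical struct). */
struct conn {
    bool     has_host_route;
    uint32_t path_mtu; /* MTU currently used toward the peer */
    uint32_t snd_una;  /* oldest unacknowledged sequence number */
    uint32_t snd_max;  /* one past the highest sequence number sent */
};

/* Constructed model of a received ICMP "fragmentation needed" message. */
struct needfrag {
    uint32_t next_hop_mtu; /* MTU claimed by the sender of the ICMP */
    uint32_t quoted_seq;   /* TCP sequence number in the quoted header */
};

/* TCP payload bytes that fit in one segment at a given MTU. */
uint32_t tcp_payload(uint32_t mtu)
{
    return mtu > IP_TCP_HDRS ? mtu - IP_TCP_HDRS : 0;
}

/* Rule as the message describes it: host route present and MTU > 296.
 * Assumption: any other message leaves the stored MTU unchanged. */
uint32_t mtu_described(const struct conn *c, const struct needfrag *m)
{
    if (c->has_host_route && m->next_hop_mtu > DESCRIBED_MIN_MTU)
        return m->next_hop_mtu;
    return c->path_mtu;
}

/* Stricter policy (illustrative): the quoted segment must be one we have
 * sent and not yet had acknowledged, and the MTU may only shrink, never
 * below a floor chosen by the caller. */
uint32_t mtu_strict(const struct conn *c, const struct needfrag *m, uint32_t floor)
{
    /* Serial-number arithmetic so the window test survives wraparound. */
    bool in_flight = (int32_t)(m->quoted_seq - c->snd_una) >= 0 &&
                     (int32_t)(c->snd_max - m->quoted_seq) > 0;

    if (!c->has_host_route || !in_flight)
        return c->path_mtu;
    if (m->next_hop_mtu < floor || m->next_hop_mtu >= c->path_mtu)
        return c->path_mtu;
    return m->next_hop_mtu;
}
```

[At the smallest MTU the described rule accepts, 297 bytes, tcp_payload() gives 257 bytes per segment, which is the "couple hundred bytes" the message expects to remain.]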
