From owner-freebsd-security Mon Jan 15 22:40:31 2001 Delivered-To: freebsd-security@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 994DC37B400 for ; Mon, 15 Jan 2001 22:40:14 -0800 (PST) Received: from rfx-64-6-211-149.users.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Mon, 15 Jan 2001 22:38:29 -0800 Received: (from cjc@localhost) by rfx-64-6-211-149.users.reflexcom.com (8.11.1/8.11.0) id f0G6eCL51275; Mon, 15 Jan 2001 22:40:12 -0800 (PST) (envelope-from cjc) Date: Mon, 15 Jan 2001 22:40:11 -0800 From: "Crist J. Clark" To: Yonatan Bokovza Cc: freebsd-security@FreeBSD.ORG Subject: Re: FW: ICMP fragmentation required but DF set problems. Message-ID: <20010115224011.G97980@rfx-64-6-211-149.users.reflexco> Reply-To: cjclark@alum.mit.edu References: <00BF97DD9F3FD311AB860060084E50DD782F24@exchange.xpert.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <00BF97DD9F3FD311AB860060084E50DD782F24@exchange.xpert.com>; from Yonatan@xpert.com on Mon, Jan 15, 2001 at 08:45:49PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Jan 15, 2001 at 08:45:49PM +0200, Yonatan Bokovza wrote: > hey, > This was just up on BugTraq. Can anyone add information > to the topic? There are much more interesting attacks available to anyone who cares to try. I haven't read the PMTU discovery RFCs for a while. Can't say if this attack is practical on an RFC-compliant IP stack or if there are ways to defend against it without breaking the RFCs. If you are paranoid, you can turn off PMTU discovery, # sysctl -w net.inet.tcp.path_mtu_discovery=0 -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message