Date: Mon, 15 Jan 2001 22:40:11 -0800 From: "Crist J. Clark" <cjclark@reflexnet.net> To: Yonatan Bokovza <Yonatan@xpert.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: FW: ICMP fragmentation required but DF set problems. Message-ID: <20010115224011.G97980@rfx-64-6-211-149.users.reflexco> In-Reply-To: <00BF97DD9F3FD311AB860060084E50DD782F24@exchange.xpert.com>; from Yonatan@xpert.com on Mon, Jan 15, 2001 at 08:45:49PM %2B0200 References: <00BF97DD9F3FD311AB860060084E50DD782F24@exchange.xpert.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 15, 2001 at 08:45:49PM +0200, Yonatan Bokovza wrote: > hey, > This was just up on BugTraq. Can anyone add information > to the topic? There are much more interesting attacks available to anyone who cares to try. I haven't read the PMTU discovery RFCs for a while. Can't say if this attack is practical on an RFC-compliant IP stack or if there are ways to defend against it without breaking the RFCs. If you are paranoid, you can turn off PMTU discovery, # sysctl -w net.inet.tcp.path_mtu_discovery=0 -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010115224011.G97980>