Date:      Fri, 4 Jan 2002 13:26:54 -0800
From:      William Carrel <william.carrel@infospace.com>
To:        Terry Lambert <tlambert2@mindspring.com>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: path_mtu_discovery
Message-ID:  <C64F7C2E-0159-11D6-9ED7-003065B4E0E8@infospace.com>
In-Reply-To: <3C36149B.B9C02DCF@mindspring.com>


On Friday, January 4, 2002, at 12:46 PM, Terry Lambert wrote:
> William Carrel wrote:
>
>> ipfilter with 'keep state' on the connections will automatically allow
>> back in relevant ICMP messages such as mustfrag.
>
> Heh... I need to try to write a "mustfrag" daemon, which will
> spoof them back whenever it sees traffic... and see what happens.

See now you've made me curious, and I ask myself questions like: How
robust is PMTU-D against someone malicious who wants to make us send
tinygrams?  Could the connection eventually be forced down to an MTU so
low that no actual data transfer could occur, or TCP frames with only
one byte of information?

Granted, the malicious person has to send back a valid set of headers
with their ICMP to get through ipfilter; but now I have this bad feeling
lurking in the back of my mind...

The bad feeling is helped along by observing sys/netinet/ip_icmp.c and
the fact that as long as the MTU suggested is greater than 296 bytes we
accept the values of any ICMP mustfrag that comes in provided we have a
host route for it.

I suppose we'll always get a couple hundred bytes in edgewise anyway,
but it all makes for an interesting exercise.  I wonder about the
robustness of other operating systems to such an attack...

--
     Andy Carrel - william.carrel@infospace.com - +1 (425) 201-8745
Señor Systems Eng. - Corporate Infrastructure Applications - InfoSpace
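
The message above notes that a mustfrag is accepted on little more than a size floor and a host route. As an added example (not FreeBSD's ip_icmp.c and not code from this thread), here is a stricter acceptance test that also requires the quoted TCP header to match a live connection and to name data still in flight; `conn_state`, `needfrag_accept`, `demo` and the sample packet are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PMTU_FLOOR 296u /* floor quoted in the message; ignoring smaller values is this example's choice */

struct conn_state {              /* hypothetical per-connection state */
    uint32_t snd_una, snd_max;   /* unacknowledged data is [snd_una, snd_max) */
    uint16_t lport, fport;       /* local and foreign TCP ports */
    uint32_t cur_mtu;            /* path MTU currently in use */
};

static uint32_t rd(const uint8_t *p, int n) /* big-endian read of n bytes */
{
    uint32_t v = 0;
    while (n-- > 0) v = v << 8 | *p++;
    return v;
}

/* q/len: the IP header + first 8 TCP bytes quoted inside the ICMP error.
 * Returns the MTU to adopt, or 0 to ignore the message. */
uint32_t needfrag_accept(const struct conn_state *c, uint32_t mtu,
                         const uint8_t *q, size_t len)
{
    if (len < 20 || q[0] >> 4 != 4 || q[9] != 6) return 0;   /* IPv4 + TCP only */
    size_t ihl = (size_t)(q[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 8) return 0;                 /* truncated quote */
    if (rd(q + ihl, 2) != c->lport || rd(q + ihl + 2, 2) != c->fport) return 0;
    /* quoted sequence number must name data still in flight (modular compare) */
    if (rd(q + ihl + 4, 4) - c->snd_una >= c->snd_max - c->snd_una) return 0;
    if (mtu < PMTU_FLOOR || mtu >= c->cur_mtu) return 0;     /* floor; never raise */
    return mtu;
}

/* Constructed sample: 20-byte IPv4 header, ports 40000 -> 80, caller-chosen seq. */
uint32_t demo(uint32_t seq, uint32_t mtu)
{
    struct conn_state c = { 1000, 3000, 40000, 80, 1500 };
    uint8_t q[28] = { 0x45, 0,0,0, 0,0,0,0, 64, 6 };
    q[20] = 40000 >> 8; q[21] = 40000 & 0xff; q[23] = 80;
    q[24] = (uint8_t)(seq >> 24); q[25] = (uint8_t)(seq >> 16);
    q[26] = (uint8_t)(seq >> 8);  q[27] = (uint8_t)seq;
    return needfrag_accept(&c, mtu, q, sizeof q);
}

int main(void)
{
    printf("in-flight: %u, stale: %u\n", (unsigned)demo(2000, 576), (unsigned)demo(5000, 576));
    return 0;
}
```

The sequence check narrows acceptance to senders who can see the connection's traffic; an on-path party who copies real headers still passes it, so the floor remains the last line of defence.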

