[nsp-sec] Potential TCP / IP vulnerabilities announcedmidOctober - Outpost24 interview
Florian Weimer
fweimer at bfk.de
Sat Oct 4 10:30:59 EDT 2008
* David Freedman:
> Yes, well, I could sit there spoofing TOOBIG messages
> and make the node send smaller (but more) packets
> driving its CPU up, surely?
Linux limits the discovered path MTU to something around 550 bytes by
default. I don't think this has caused any problems, and it limits
the overhead you can introduce.
(Obviously, I totally agree that this issue is worth fixing if your
stack goes down to arbitrary PMTU values.)
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the nsp-security
mailing list