[nsp-sec] Potential TCP / IP vulnerabilities announcedmidOctober - Outpost24 interview
David Freedman
david.freedman at uk.clara.net
Sat Oct 4 18:42:20 EDT 2008
Just a quick look at the FBSD 4 kernel confirms that this uses a lower value of 296.
No idea about anything else closed source.
Dave.
------------------------------------------------
David Freedman
Group Network Engineering
Claranet Limited
http://www.clara.net
-----Original Message-----
From: Florian Weimer [mailto:fweimer at bfk.de]
Sent: Sat 10/4/2008 15:30
To: David Freedman
Cc: Chris Morrow; nsp-security at puck.nether.net
Subject: Re: [nsp-sec] Potential TCP / IP vulnerabilities announcedmidOctober - Outpost24 interview
* David Freedman:
> Yes, well, I could sit there spoofing TOOBIG messages
> and make the node send smaller (but more) packets
> driving its CPU up, surely?
Linux limits the discovered path MTU to something around 550 bytes by
default. I don't think this has caused any problems, and it limits
the overhead you can introduce.
(Obviously, I totally agree that this issue is worth fixing if your
stack goes down to arbitrary PMTU values.)
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
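
The overhead argument in the thread above, worked through as an added example (not part of either message and not code from any of the stacks mentioned). It assumes 20-byte IPv4 and TCP headers without options and a 1500-byte starting path MTU; the floors 296 and 550 are the figures quoted in the thread, and the payload size and advertised MTU are constructed sample values.

```python
"""Added illustration: cost of a forged ICMP "too big" under different PMTU floors."""
import math

IP_HDR = 20   # assumption: IPv4 header without options
TCP_HDR = 20  # assumption: TCP header without options


def effective_pmtu(advertised, floor, current=1500):
    """PMTU a stack adopts after a "too big" message advertising `advertised`.

    Such a message can only lower the estimate, and a stack with a
    floor never goes below it.
    """
    if advertised >= current:
        return current
    return max(advertised, floor)


def cost(payload_bytes, pmtu):
    """Return (packets, wire_bytes) needed to carry payload_bytes of TCP data."""
    mss = pmtu - IP_HDR - TCP_HDR
    if mss <= 0:
        raise ValueError("PMTU too small to carry any TCP payload")
    packets = math.ceil(payload_bytes / mss)
    return packets, payload_bytes + packets * (IP_HDR + TCP_HDR)


def amplification(payload_bytes, advertised, floor, baseline=1500):
    """Packet-count multiplier relative to the baseline MTU."""
    base_packets, _ = cost(payload_bytes, baseline)
    packets, _ = cost(payload_bytes, effective_pmtu(advertised, floor, baseline))
    return packets / base_packets


if __name__ == "__main__":
    payload = 1_000_000  # constructed sample: 1 MB transfer
    forged = 68          # constructed sample: MTU advertised in the spoofed message
    for name, floor in [("no floor", 0),
                        ("floor 296 (FBSD 4, per thread)", 296),
                        ("floor 550 (Linux, approx., per thread)", 550)]:
        pmtu = effective_pmtu(forged, floor)
        packets, wire = cost(payload, pmtu)
        print(f"{name:40s} pmtu={pmtu:4d} packets={packets:6d} "
              f"wire={wire} x{amplification(payload, forged, floor):.1f}")
```
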