On Mon, 17 Jul 2000, Mikael Abrahamsson wrote:
> On Mon, 17 Jul 2000, Patrick W. Gilmore wrote:
> > Wow, why would the ICMPs get lost?
>
> I think it's because of access lists etc. I am not the one who has set it up so I do not know. We've had this problem from two different companies (one for our national needs and one for our international needs). The international one has solved it with what you mention below.

Wouldn't it be unfortunate if the script kiddies decided to do DoS over ICMP Need-Frag... This is a very bad situation we find ourselves in, you realize?

The quicker we find a way to get rid of this rather bad hack the better. Rate-limits of need-frag can help, but many people are still in a position where their filters leave need-frag wide open and they can't or aren't currently rate limiting.

The PMTU-D blackhole detection-type checks help keep this current hack alive a little longer. I'm not currently aware of the extent to which various OSes implement this kind of thing, any ideas?

--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/humble
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
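
The need-frag rate limit mentioned in this thread, as an added example that is not part of the original messages: a receiver-side sketch that parses an ICMP type 3 code 4 message in the RFC 1191 layout, applies a token bucket, and only ever lowers the path MTU estimate. All function and class names, the sample packets and the rate and burst values are assumptions made for illustration.

```python
import struct

MIN_IPV4_MTU = 68  # RFC 1191: a host never lowers its path MTU estimate below 68

def icmp_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_need_frag(mtu: int, quoted: bytes = b"\x45" + b"\x00" * 27) -> bytes:
    """Constructed sample: ICMP type 3 code 4 carrying a next-hop MTU."""
    body = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + quoted
    return body[:2] + struct.pack("!H", icmp_checksum(body)) + body[4:]

def parse_need_frag(msg: bytes):
    """Return the next-hop MTU, or None if msg is not a valid need-frag."""
    if len(msg) < 8 + 28:  # ICMP header + quoted IP header + 8 data bytes
        return None
    icmp_type, code, _, _, mtu = struct.unpack("!BBHHH", msg[:8])
    if (icmp_type, code) != (3, 4) or icmp_checksum(msg) != 0:
        return None
    return mtu

class NeedFragLimiter:
    """Token bucket: `rate` need-frag messages per second, bursts of `burst`."""
    def __init__(self, rate: float, burst: int):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), None

    def allow(self, now: float) -> bool:
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

def accept_mtu(msg: bytes, now: float, limiter: NeedFragLimiter, current_mtu: int) -> int:
    """New path MTU if msg is valid, within budget and lowers the estimate."""
    mtu = parse_need_frag(msg)
    if mtu is None or not limiter.allow(now):
        return current_mtu
    if mtu < MIN_IPV4_MTU or mtu >= current_mtu:  # also ignores MTU 0 (pre-RFC 1191 routers)
        return current_mtu
    return mtu
```
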