RE: Digital Island sponsors DoS attempt?
That's all fine Valdis, but no one does MTU check on the internet or pmtu checks. This is all LAN-based...

-----Original Message-----
From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
Sent: Friday, October 26, 2001 11:49 AM
To: Dave Siegel
Cc: nanog@merit.edu
Subject: Re: Digital Island sponsors DoS attempt?

On Fri, 26 Oct 2001 09:32:39 PDT, Dave Siegel said:
If you have a list of prefixes you intend to measure, it would not be
If. This list comes from *where*?

What if I pointed out that IBM's AIX implements Path MTU Discovery by sending an ICMP packet with max MTU and the DF bit set (so it can discover the *max* MTU even if the first *TCP* packet is not a full MTU long)?

Are you saying that I should contact each prefix that my Listserv machine is sending mail to, to get permission to negotiate PMTU discovery? Ouch. That's 600K subscribers, and I need to go look up where their MX entries point to, figure out what AS the destination is in, and send the AS contact mail (assuming that 'whois' actually has valid data) - and then repeat for every new subscriber to a list from an AS we haven't contacted before.

No? That seems silly? How is it any different from 5 PING packets so a site can decide which server to send stuff from? Where do you draw the line?
transit providers needn't be involved, as transit providers typically don't measure icmp flows bound to customers.
We've seen cases where transit providers do things like install blackhole routing because they disagree with a site because of their traffic. This proves that at least *some* transit providers care about *some* traffic for *some* reason. Again, where do you draw the line?

--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
On Fri, 26 Oct 2001 12:01:38 CDT, "Quibell, Marc" said:
That's all fine Valdis, but no one does MTU check on the internet or pmtu checks. This is all LAN-based...
Umm.. I'm confused. What's all LAN-based? Or are you saying that PMTU Discovery isn't used *at all*? Or that it's not *widely* used, mostly because a large chunk of the net *is* stuck at 1500-byte MTUs, and a large fraction of the rest has broken PMTU discovery because of boneheaded ICMP filtering?

--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
participants (2): Quibell, Marc; Valdis.Kletnieks@vt.edu