-----Original Message-----
From: woods@weird.com [mailto:woods@weird.com]
Sent: Saturday, June 23, 2001 3:56 PM
To: nanog@merit.edu
Subject: RE: DDOS anecdotes

[ On Saturday, June 23, 2001 at 20:04:06 (+0200), Mikael Abrahamsson wrote: ]
Subject: RE: DDOS anecdotes
This is a real problem. It's not FUD. Microsoft's choice to include full IP stack capabilities will make the problem worse, but I do not blame their IP stack for this like Mr Gibson does though.
No, their stack's not the root of the problem -- all the rest of their OS is (and of course in particular the security model, or lack thereof).
FYI beware of service pack 2. It sets the DF bit so packets cannot fragment. Particularly offensive if your server is on the other side of a tunnel (due to the overhead). The solution is to reduce the MTU on the box. Or use a different OS :)

Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>

On Sat, 23 Jun 2001, Tim Devries wrote:
FYI beware of service pack 2. It sets the DF bit so packets cannot fragment. Particularly offensive if your server is on the other side of a tunnel (due to the overhead). The solution is to reduce the MTU on the box. Or use a different OS :)
I thought this was standard behaviour of Microsoft OSes since at least Win95. I know NT does this as standard, so does Win95 and 98. Win2k does this standard out of the box (at least last time I checked).

--
Mikael Abrahamsson email: swmike@swm.pp.se