
Microsoft.com PMTUD black hole?
Subject: Re: Microsoft.com PMTUD black hole?
Group: Nanog
From: Tomas L. Byrnes
Date: 7 May 2008


 
The remedy you have below is NOT the only one, and is, in fact, a
non-sequitur in this case.

PMTUD uses the DF (for Don't_Fragment) bit, and works by getting an ICMP
Fragmentation needed response from the hop on the path where the packet
is too large, not a fragmentation and forward, so the union of PMTUD
packets and fragmented ones is 0.

The network-level solution to ping of death is to BLOCK fragmented
packets, and the way to ensure this doesn't self-deny-service is to
perform PMTUD and Black-Hole Router discovery.


> -----Original Message-----
> From: Iljitsch van Beijnum [mailto:iljitsch]
> Sent: Wednesday, May 07, 2008 1:35 PM
> To: Michael Sinatra
> Cc: nanog
> Subject: Re: [NANOG] Microsoft.com PMTUD black hole?
>
> On 7 mei 2008, at 21:46, Michael Sinatra wrote:
>
> >> MS does in fact block _all_ ICMP
> >> at the edge of their network, that they are aware that this will in
> >> fact break PMTUD, and that they have no current plans to change this
> >> practice which they have implemented in the interest of security.
>
> > Perhaps
> > they should also block _all_ TCP and UDP as well, and then we can move
> > on.
>
> > I agree with Iljitsch that it happens frequently, but I think I am
> > justified in expecting more than that from Microsoft. Anything less
> > would be unprofessional.
>
> Right.
>
> Now Microsoft is also the company that built the OS that
> could be crashed by a maliciously crafted fragmented IP
> packet, so maybe there's something to this security policy.
> (One hopes that this bug and others like it are now fixed.)
>
> However, in that case the only workable course of action
> would be TO DISABLE PATH MTU DISCOVERY!
>
> You can't have your cake and eat it too.
>
> _______________________________________________
> NANOG mailing list
> NANOG
> http://mailman.nanog.org/mailman/listinfo/nanog
>
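Added example, not part of the original message or of any poster's code: a Python sketch of the edge policy the message describes, dropping IP fragments while still letting the ICMP "Fragmentation needed" reply (type 3, code 4, RFC 1191) through so PMTUD keeps working. The function names, the `other-rules` verdict (meaning the rest of the ACL decides) and the packets are constructed for illustration.

```python
import struct

DF, MF, OFFSET_MASK = 0x4000, 0x2000, 0x1FFF

def ipv4(proto, payload, df=False, mf=False, frag_off=0):
    """Build a constructed IPv4 packet (checksum left at 0, documentation addresses)."""
    flags = (DF if df else 0) | (MF if mf else 0) | (frag_off & OFFSET_MASK)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, flags,
                      64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + payload

def frag_needed(original, next_hop_mtu):
    """ICMP type 3 code 4 (RFC 1191): unused(2) + next-hop MTU(2), then the
    offending packet's IP header plus its first 8 payload bytes."""
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + original[:28]
    return ipv4(1, icmp)

def classify(pkt):
    """Return (verdict, detail) for one IPv4 packet at a fragment-dropping edge."""
    ihl = (pkt[0] & 0x0F) * 4
    flags = struct.unpack("!H", pkt[6:8])[0]
    if flags & MF or flags & OFFSET_MASK:
        return ("drop", "fragment")          # MF set or non-zero offset
    if pkt[9] == 1 and len(pkt) >= ihl + 8:  # protocol 1 = ICMP
        icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", pkt[ihl:ihl + 8])
        if (icmp_type, code) == (3, 4):
            inner = pkt[ihl + 8:]            # header of the packet that was too big
            inner_df = len(inner) >= 8 and bool(struct.unpack("!H", inner[6:8])[0] & DF)
            return ("permit", {"next_hop_mtu": mtu, "inner_df": inner_df})
    return ("other-rules", "df" if flags & DF else "no-df")

def demo():
    probe = ipv4(6, b"\x00" * 1480, df=True)             # full-size TCP segment, DF set
    first_frag = ipv4(17, b"\x00" * 1480, mf=True)       # first fragment of a datagram
    later_frag = ipv4(17, b"\x00" * 520, frag_off=185)   # trailing fragment
    return [classify(p) for p in (probe, frag_needed(probe, 1400), first_frag, later_frag)]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Neither the DF-marked probe nor the ICMP error it triggers matches the fragment rule, so a filter of this shape drops fragments without creating the PMTUD black hole the thread is about.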
