[Full-Disclosure] A new TCP/IP blind data injection technique?
Mikael Abrahamsson
swmike at swm.pp.se
Thu Dec 11 20:42:27 GMT 2003
On Thu, 11 Dec 2003 Valdis.Kletnieks at vt.edu wrote:
> 1) Disable all ICMP, so the ICMP Frag Needed packets don't make it back, thus
> hosing the connection entirely (send too large packet, frag needed, ICMP
> dropped, timeout, retransmit, lather, rinse, repeat).
>
> 2) Number their point-to-points out of RFC1918 space, so the ICMP Frag Needed
> gets swallowed by some border router that's doing reasonable ingress/egress
> filtering.
Well, actually as far as I have seen the bad thing when pmtud doesnt work
is often your server farm load sharer that wont forward the icmp message
to the appropriate server in the farm.
So a lot of the technology used out there doesnt even by design take ICMP
NEED TO FRAG-messages into account when they do things. It's not just
clueless admins, it's clueless designers of equipment.
--
Mikael Abrahamsson email: swmike at swm.pp.se
Full-Disclosure is hosted and sponsored by Secunia.