Re: DoS attack - advice needed

From: Ilya Martynov (m_ilya@agava.com)
Date: 03/22/01

• Next message: Chris Byrnes: "Re: DoS attack - advice needed"
• Previous message: Borja Marcos: "Re: DoS attack - advice needed"
• In reply to: Chris Byrnes: "Re: DoS attack - advice needed"
• Next in thread: Chris Byrnes: "Re: DoS attack - advice needed"
• Reply: Chris Byrnes: "Re: DoS attack - advice needed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

To: Chris Byrnes <chris@jeah.net>
From: Ilya Martynov <m_ilya@agava.com>
Date: 22 Mar 2001 20:29:43 +0300

>>>>> "CB" == Chris Byrnes <chris@jeah.net> writes:

    CB> And, while we're on the subject, who needs ICMP? I haven't
    CB> found a valid use for it.

ping uses type 0 and 8

traceroute uses 11

type 3 is required for TCP/UDP traffic

Here cite from Linux IPCHAINS-HOWTO that describes why you should not
block type 3 (destination-unreachable):

  A worse problem is the role of ICMP packets in MTU discovery. All
  good TCP implementations (Linux included) use MTU discovery to try
  to figure out what the largest packet that can get to a destination
  without being fragmented (fragmentation slows performance,
  especially when occasional fragments are lost). MTU discovery works
  by sending packets with the "Don't Fragment" bit set, and then
  sending smaller packets if it gets an ICMP packet indicating
  "Fragmentation needed but DF set" (`fragmentation-needed'). This is
  a type of `destination-unreachable' packet, and if it is never
  received, the local host will not reduce MTU, and performance will
  be abysmal or non-existent.

-- 
Ilya Martynov
AGAVA Software Company, http://www.agava.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: Chris Byrnes: "Re: DoS attack - advice needed"
• Previous message: Borja Marcos: "Re: DoS attack - advice needed"
• In reply to: Chris Byrnes: "Re: DoS attack - advice needed"
• Next in thread: Chris Byrnes: "Re: DoS attack - advice needed"
• Reply: Chris Byrnes: "Re: DoS attack - advice needed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages [REVS] OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability ... Recently Amit'has been looking at the OpenBSD PRNG implementation for DNS ... also use this PRNG for IP fragmentation ID normalization feature (e.g. ... in "regular" IP packets and raw IP packets. ... o Idle-scanning, O/S fingerprinting, host alias detection, traffic ... (Securiteam) A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vu ... DNS transaction ID (OpenBSD ported BIND 9 into their code tree, ... fragmentation ID normalization feature (e.g. "scrub out random- ... packets and raw IP packets. ... (Bugtraq) Re: Why Linux is blind to this ARP reply ? ... I followed every one of your links, I've studied the packets to the ... the router when it is replying to Windows or Linux. ... > running proxy arp and/or filled with static routes? ... (comp.os.linux.misc) R: remapping IP addresses for inbound and outbound traffic ... I guess you can't do this, since a believe there is a single linux arp table. ... If you had hosts with unique IPs on both nets, that would be another story: you could use some sort of VPN or Bridge functionality. ... You could also be able to avoid packets passing through the bridged/VPNed interfaces thanks to iptables. ... Let one Linux box have two interfaces to IPv4 networks, ... (Linux-Kernel) Malformed Fragmented Packets DoS Dlink Firewall/Routers ... Malformed Fragmented Packets DoS Dlink Firewall/Routers ... Fragmentation is required because every network ... You bitches thought Fate Labs was dead?! ... (Bugtraq)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2001-03