RE: TCP/IP Stack Hardening - Disabling PMTU Discovery
dwr3ck_at_hushmail.com
Date: 12/30/03
Date: Tue, 30 Dec 2003 10:38:09 -0800
To: focus-ms@securityfocus.com

In a VLANed environment, disabling PMTU discovery causes 3X more packets
on the network. Changing the default packet size back to 1500 while
leaving PMTU disabled is necessary in the environment I am currently
working in.

The issue I'm having is that I can only find a way to do this to the
specific interface. This is bad because the entries can't (easily) be
scripted. Also, if a bad NIC is replaced in a large environment it is
possible that people will not remember to change the settings on the
new NIC.

For these reasons I do not implement the NIC-specific portions of stack
hardening. Also, some of the NIC settings seem to get lost in ghosting
processes when building new servers.

Environment: VLANs in place, 100s of servers. Due to 3rd party connections,
VPNs, etc., is there really such a thing as Internal vs. External systems
when it comes to hardening?
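
The per-interface settings discussed in the message above can be audited across servers by enumerating the interface subkeys instead of hard-coding a GUID. This PowerShell is an added example, not part of the original post; it assumes the Windows TCP/IP registry values `EnablePMTUDiscovery` (global) and `MTU` (per interface), and the function name `Test-InterfaceMtu` is hypothetical.

```powershell
# Added example: report (and optionally set) the per-interface MTU override.
# Assumes the Windows TCP/IP registry parameters EnablePMTUDiscovery and MTU;
# the function name and parameter names are hypothetical.
$TcpipParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Test-InterfaceMtu {
    param(
        [int]$ExpectedMtu = 1500,   # packet size the post says its environment needs
        [switch]$Fix                # write the value where it is missing or different
    )

    # Global setting: 0 means PMTU discovery is disabled on this host.
    $pmtu = (Get-ItemProperty -Path $TcpipParams -Name EnablePMTUDiscovery `
                -ErrorAction SilentlyContinue).EnablePMTUDiscovery

    # One subkey per interface GUID. Enumerating them means a replaced NIC or a
    # freshly imaged server is picked up without knowing its GUID in advance.
    Get-ChildItem -Path "$TcpipParams\Interfaces" | ForEach-Object {
        $current = (Get-ItemProperty -Path $_.PSPath -Name MTU `
                       -ErrorAction SilentlyContinue).MTU
        $ok = ($current -eq $ExpectedMtu)

        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $_.PSPath -Name MTU -Value $ExpectedMtu -Type DWord
            $current = $ExpectedMtu
            $ok = $true
        }

        # One row per interface, suitable for collecting from many servers.
        [pscustomobject]@{
            Computer            = $env:COMPUTERNAME
            InterfaceGuid       = $_.PSChildName
            EnablePMTUDiscovery = $pmtu
            Mtu                 = $current
            Compliant           = $ok
        }
    }
}

# Report only; pass -Fix to write the expected value to non-compliant interfaces.
Test-InterfaceMtu | Format-Table -AutoSize
```

Run as a scheduled check or post-imaging step, the `Compliant` column flags interfaces whose setting was lost after a NIC swap or a rebuild.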