Re: The "Mac DoS Attack," a Scheme for Blocking Internet

From: Alan Cox (alanat_private)
Date: Wed Dec 29 1999 - 18:45:14 PST

Next message: Paul Schinder: "Re: The "Mac DoS Attack," a Scheme for Blocking Internet"

Previous message: Bryan Blackburn: "Fwd: Sun Security Bulletin #00191"
Next in thread: Paul Schinder: "Re: The "Mac DoS Attack," a Scheme for Blocking Internet"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> The Internet Service Providers (ISPs) must take action to drop long ICMP
> packets in the backbone networks (any packet longer than 1499 bytes, at
> least).

This will break existing "good behaviour" legal systems and potentially
disrupt MTU discovery proceedure. It isnt a feasible option without a lot
of additional checks to the packet type etc, at which point with many routers
the firewall rules involved turn into a performance based DoS on the core
routers.


Alan

Next message: Paul Schinder: "Re: The "Mac DoS Attack," a Scheme for Blocking Internet"
Previous message: Bryan Blackburn: "Fwd: Sun Security Bulletin #00191"
Next in thread: Paul Schinder: "Re: The "Mac DoS Attack," a Scheme for Blocking Internet"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:24:31 PDT