Darren, Interesting email... If the attack is done through bad client specifying a ultra small MSS, at least, the server should be able to track them. As doing IP spoofing with TCP is difficult if the ISN are random enough. If the attack is done through generated ICMP unreachable cannot fragment (mimicking the PMTUD process), well, the attacker needs to be on the path to be able to include the failed IP packet (mainly for TCP ports). And if the attacker is on the path, I'm pretty sure that he/she could do more damage anyway. Having said this, I'll go to my web servers and check what their smallest MSS is ;-) Just my still falling (!) 0.01 EUR -eric
This archive was generated by hypermail 2b30 : Mon Jul 09 2001 - 11:23:10 PDT