Re: MISC Large ICMP Packet

From: Chris Hobbs (chobbsat_private)
Date: Thu Jul 26 2001 - 09:52:10 PDT

  • Next message: Ryan W. Maple: "Cobalt Scan"

    Both you and Valdis nailed it - from hostmgr.uiuc.edu:
    
    -----
    This is hostmgrat_private  I checked around and found out that
    vacuum.cso.uiuc.edu is running our list-serv software.  I also
    found out by default, AIX 4.3.x uses large ICMP packets to do 
    some sort of MTU discovery on remote networks.  When it becomes 
    a problem, it can be easily disabled, which our system admin has
    now done on vacuum.
    -----
    
    Kudos to them for a really fast repsonse - 45 minutes from the time I
    sent the first e-mail :)
    
    Opus wrote:
    > 
    > This is most likely an AIX box which by default has MTU discovery enabled
    > used to discover what size of packets it can send.  This can be sdisabled
    > on the AIX box with the following command.  This is not intended to be
    > malicious.
    > 
    > no -o tcp_pmtu_discover=0
    
    -- 
    Chris Hobbs       Silver Valley Unified School District
    Head geek:              Technology Services Coordinator
    webmaster:   http://www.silvervalley.k12.ca.us/~chobbs/
    postmaster:               chobbsat_private
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Jul 26 2001 - 11:57:18 PDT