svn commit: r336465 - in head/sys/netinet: . tcp_stacks
Michael Tuexen
Michael.Tuexen at macmic.franken.de
Thu Jul 19 12:09:55 UTC 2018
> On 19. Jul 2018, at 03:12, Maxim Konovalov <maxim.konovalov at gmail.com> wrote:
>
> Hi Randall,
>
> On Wed, 18 Jul 2018, 22:49-0000, Randall Stewart wrote:
>
>> Author: rrs
>> Date: Wed Jul 18 22:49:53 2018
>> New Revision: 336465
>> URL: https://svnweb.freebsd.org/changeset/base/336465
>>
>> Log:
>> Bump the ICMP echo limits to match the RFC
>>
> [...]
>
> Just wonder, are there any practical reasons to do that?
In case you send encapsulated packets triggering an ICMP message
you actually need more than the 8 bytes which are currently
reflected. The number 8 comes from RFC 792, which was
published 1981. The new number comes from RFC 1812, which was
published 1995.
>
> While I don't see any meaningful vectors right now this could
> potentially make amplification DoS easier, no?
I don't think so. When sending packets smaller than 576 - 20 - 8,
you get a byte amplification of 8 bytes.
Please note that IPv6 already reflects as much as fits in a single
packet.
So this is not something completely new...
Best regards
Michael
>
> --
> Maxim Konovalov
>
More information about the svn-src-head
mailing list