Hi Fred,

On 05/15/2015 10:39 AM, Templin, Fred L wrote:
>> The problem with Fred's question is that it is a well-known
>> vulnerability of ICMP in general and has a much broader impact than just
>> fragmentation and GRE (i.e., this draft). Additionally, I have no idea
>> why Fred thinks an "insider attack" is any more of an issue than an
>> arbitrary attack.
>
> If the original source, ingress and egress are all within the same well
> managed administrative domain, then it would be very advantageous
> to use PMTUD instead of probing and/or fragmentation since issues
> such as ICMP message loss, multipath and in-the-network fragmentation
> are mitigated. But, if source address spoofing is possible within the
> administrative domain, then there is opportunity for an insider attack
> to disrupt systems that rely on PMTUD.

Right. But Brian's question was if there was anything specific to what
the draft is proposing. Do you believe that anything in the draft is
specifically enabling this attack? Or if hosts (routers) implementing
these drafts are more vulnerable to this attack?

Thanks
Suresh

_______________________________________________
Int-area mailing list
https://www.ietf.org/mailman/listinfo/int-area
