Darren, Interesting email... If the attack is done through bad client specifying a ultra small MSS, at least, the server should be able to track them. As doing IP spoofing with TCP is difficult if the ISN are random enough. If the attack is done through generated ICMP unreachable cannot fragment (mimicking the PMTUD process), well, the attacker needs to be on the path to be able to include the failed IP packet (mainly for TCP ports). And if the attacker is on the path, I'm pretty sure that he/she could do more damage anyway. Having said this, I'll go to my web servers and check what their smallest MSS is ;-) Just my still falling (!) 0.01 EUR -eric
- Small TCP packets == very large overhead == DoS? Darren Reed
- Re: Small TCP packets == very large overhead == DoS? Darren Reed
- RE: Small TCP packets == very large overhead == DoS? David LeBlanc
- Re: Small TCP packets == very large overhead == DoS? Pavel Machek
- RE: Small TCP packets == very large overhead == DoS? Eric Vyncke
- RE: Small TCP packets == very large overhead == DoS? Russ
- Re: Small TCP packets == very large overhead == ... Darren Reed
- RE: Small TCP packets == very large overhead... David LeBlanc
- Re: Small TCP packets == very large overhead == DoS? gregory duchemin
- Re: Small TCP packets == very large overhead == DoS? Darren Reed
- Re: Small TCP packets == very large overhead == ... John Kristoff
- Re: Small TCP packets == very large overhead == ... Brett Lymn
- RE: Small TCP packets == very large overhead == DoS? Franck Martin
- Re: Small TCP packets == very large overhead == DoS? Crist Clark
