Digital Island sponsors DoS attempt?
Quibell, Marc
mquibell at icn.state.ia.us
Fri Oct 26 17:01:38 UTC 2001
That's all fine Valdis, but no one does MTU check on the internet or pmtu
checks. This is all LAN-based...
-----Original Message-----
From: Valdis.Kletnieks at vt.edu [mailto:Valdis.Kletnieks at vt.edu]
Sent: Friday, October 26, 2001 11:49 AM
To: Dave Siegel
Cc: nanog at merit.edu
Subject: Re: Digital Island sponsors DoS attempt?
On Fri, 26 Oct 2001 09:32:39 PDT, Dave Siegel said:
> If you have a list of prefix's you intend to measure, it would not be
If.
This list comes from *where*?
What if I pointed out that IBM's AIX implements Path MTU Discovery by
sending
an ICMP packet with max MTU and the DF bit set (so it can discover the *max*
MTU even if the first *TCP* packet is not a full MTU long)?
Are you saying that I should contact each prefix that my Listserv machine is
sending mail to, to get permission to negotiate PMTU discovery? Ouch.
That's 600K subscribers, and I need to go look up where their MX entries
point to, figure out what AS the destination is in, and send the AS contact
mail (assuming that 'whois' actually has valid data) - and then repeat for
every new subscriber to a list from an AS we haven't contacted before.
No? That seems silly? How is it any different from 5 PING packets so a
site
can decide which server to send stuff from? Where do you draw the line?
> transit providers needn't be involved, as transit providers typically
> don't measure icmp flows bound to customers.
We've seen cases where transit providers do things like install blackhole
routing because they disagree with a site because of their traffic. This
proves that at least *some* transit providers care about *some* traffic for
*some* reason. Again, where do you draw the line?
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
More information about the NANOG
mailing list