[NANOG] Microsoft.com PMTUD black hole?

Iljitsch van Beijnum iljitsch at muada.com
Wed May 7 20:35:14 UTC 2008


On 7 May 2008, at 21:46, Michael Sinatra wrote:

>> MS does in fact block _all_ ICMP
>> at the edge of their network, that they are aware that this will in fact
>> break PMTUD, and that they have no current plans to change this practice
>> which they have implemented in the interest of security.

> Perhaps
> they should also block _all_ TCP and UDP as well, and then we can move on.

> I agree with Iljitsch that it happens frequently, but I think I am
> justified in expecting more than that from Microsoft.  Anything less
> would be unprofessional.

Right.

Now Microsoft is also the company that built the OS that could be  
crashed by a maliciously crafted fragmented IP packet, so maybe  
there's something to this security policy. (One hopes that this bug  
and others like it are now fixed.)

However, in that case the only workable course of action would be TO  
DISABLE PATH MTU DISCOVERY!

You can't have your cake and eat it too.



