[NANOG] Microsoft.com PMTUD black hole?

Bjørn Mork bjorn at mork.no
Thu May 8 07:00:19 UTC 2008


Iljitsch van Beijnum <iljitsch at muada.com> writes:

> Now Microsoft is also the company that built the OS that could be  
> crashed by a maliciously crafted fragmented IP packet, so maybe  
> there's something to this security policy. (One hopes that this bug  
> and others like it are now fixed.)

Although the fact that Microsoft block all icmp makes me wonder which
unfixed icmp related security holes they know about...  

I am not saying that there are any such holes in current Windows
versions, but I will certainly not use a Windows server in an
environment where I could receive icmp after learning that Microsoft
themselves don't trust Windows' icmp handling.

After all, Microsoft must have a reason to block all icmp.  Or?

> However, in that case the only workable course of action would be TO  
> DISABLE PATH MTU DISCOVERY!
>
> You can't have your cake and eat it too.

But maybe the death of icmp is worth some sort of ceremony?  Cake or
not. 



Bjørn



