Thanks Joe. > I'd add one sentence about Fred's observation too: > > In addition, spoofed ICMP messages can also affect the correct operation > of PMTUD. You don't think that's covered by the existing security considerations: This Path MTU Discovery mechanism makes possible two denial-of- service attacks, both based on a malicious party sending false Packet Too Big messages to a node. In the first attack, the false message indicates a PMTU much smaller than reality. This should not entirely stop data flow, since the victim node should never set its PMTU estimate below the IPv6 minimum link MTU. It will, however, result in suboptimal performance. In the second attack, the false message indicates a PMTU larger than reality. If believed, this could cause temporary blockage as the victim sends packets that will be dropped by some router. Within one round-trip time, the node would discover its mistake (receiving Packet Too Big messages from that router), but frequent repetition of this attack could cause lots of packets to be dropped. A node, however, should never raise its estimate of the PMTU based on a Packet Too Big message, so should not be vulnerable to this attack. Best regards, Ole
Attachment:
signature.asc
Description: Message signed with OpenPGP