--0-1774392370-951065021=:49727
Content-Type: TEXT/PLAIN; charset=US-ASCII

Attached unofficial patch to drop ICMP packets larger than 8184 bytes.
E-Mail/Flame me if not liked...

I wanted to be able to set the maximum value via sysctl but I'm not sure
if I'll break anything, feel free to pick up from there.

On Sat, 19 Feb 2000 netdude@bc.sympatico.ca wrote:

> 
> >Number:         16828
> >Category:       kern
> >Synopsis:       High Speed Pinging Over 8184 bytes Kills Server Instantly
> >Confidential:   no
> >Severity:       critical
> >Priority:       high
> >Responsible:    freebsd-bugs
> >State:          open
> >Quarter:        
> >Keywords:       
> >Date-Required:
> >Class:          sw-bug
> >Submitter-Id:   current-users
> >Arrival-Date:   Sat Feb 19 20:10:01 PST 2000
> >Closed-Date:
> >Last-Modified:
> >Originator:     Ahsanul Shajan Alam
> >Release:        3.3-RELEASE
> >Organization:
> TheCoolHost.com, Inc.
> >Environment:
> FreeBSD big_server1.webdevstudio.com 3.3-RELEASE FreeBSD 3.3-RELEASE #0: Thu Sep 16 23:40:35 GMT 1999     jkh@highwing.cdrom.com:/usr/src/sys/compile/GENERIC  i386
> >Description:
> High speed pinging to anyone or from anyone on a local ethernet network with packet sizes over 8184 bytes will bring down the server, regardless of whether packets were being directed to it or another target which is online OR offline. Once pinging starts from any other machine, if local the BSD server will go down immediately, if from a remote source, it will go down in a few seconds.
> 
> What makes this problem really bad is the fact that the target of the pings does not even have to be the server, it can be any on the ethernet segment...
> >How-To-Repeat:
> pick any LINUX box and do a:
> 
> ping -fs 10000 <any IP on the local ethernet network>
> 
> But note: if the ping packets are exactly 8184 bytes, the server will just respond back at them and "laugh", if larger (ideally 10000 bytes) the server will die immediately...
> >Fix:
> get upstream provider to disable ping packets from coming in, BUT that will NOT protect you if the source of the pings is on the same ethernet segment. Desparate to find a "cure" to this problem. Please email: netdude@bc.sympatico.ca or president@thecoolhost.com if you know of any solutions, or if anybody can send me exactly what I need to type in to disable pings via IPFW... hmm... Thanks for you time.
> 
> >Release-Note:
> >Audit-Trail:
> >Unformatted:
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-bugs" in the body of the message
> 

-- 
+-------------------------------------------------------------------------+
| Omachonu Ogali                                     oogali@intranova.net |
| Intranova Networking Group                 https://tribune.intranova.net |
| PGP Key ID:                                                  0xBFE60839 |
| PGP Fingerprint:       C8 51 14 FD 2A 87 53 D1  E3 AA 12 12 01 93 BD 34 |
+-------------------------------------------------------------------------+

--0-1774392370-951065021=:49727
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="icmp.large.drop"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.BSF.4.10.10002201143410.49727@hydrant.intranova.net>
Content-Description: 
Content-Disposition: attachment; filename="icmp.large.drop"

LS0tIGlwX2lucHV0LmMub3JpZwlTdW4gRmViIDIwIDExOjMxOjQ0IDIwMDAN
CisrKyBpcF9pbnB1dC5jCVN1biBGZWIgMjAgMTE6Mzc6MzEgMjAwMA0KQEAg
LTM0OCw2ICszNDgsMTYgQEANCiAJTlRPSFMoaXAtPmlwX29mZik7DQogDQog
CS8qDQorCSAqIERyb3AgZXhjZXNzaXZlbHkgbGFyZ2UgSUNNUCBwYWNrZXRz
ICg+IDgxODQgYnl0ZXMpDQorCSAqIC0gb29nYWxpQGludHJhbm92YS5uZXQN
CisJICovDQorDQorCWlmICgoaXAtPmlwX2xlbiA+IDgxODQpICYmIChpcC0+
aXBfcCA9PSBJUFBST1RPX0lDTVApKSB7DQorCQlpcHN0YXQuaXBzX3Rvb2xv
bmcrKzsNCisJCWdvdG8gYmFkOw0KKwl9DQorDQorCS8qDQogCSAqIENoZWNr
IHRoYXQgdGhlIGFtb3VudCBvZiBkYXRhIGluIHRoZSBidWZmZXJzDQogCSAq
IGlzIGFzIGF0IGxlYXN0IG11Y2ggYXMgdGhlIElQIGhlYWRlciB3b3VsZCBo
YXZlIHVzIGV4cGVjdC4NCiAJICogVHJpbSBtYnVmcyBpZiBsb25nZXIgdGhh
biB3ZSBleHBlY3QuDQo=
--0-1774392370-951065021=:49727--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

--------------94AC7D254C33FCE49FEB5D0A
Content-Type: text/x-vcard; charset=us-ascii;
 name="tomb.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for tom brown 
Content-Disposition: attachment;
 filename="tomb.vcf"

begin:vcard 
n:Brown;Tom
tel;cell:+1 650 814 5949
tel;home:+1 650 566 8715
tel;work:+1 650 812 9400
x-mozilla-html:FALSE
url:https://www.cgf.net/
org:Ministry of Information;Information Adjustment
adr:;;;Menlo Park;California;;USA
version:2.1
email;internet:tomb@cgf.net
title:Historical Adjustments Officer 
note:This isn't my real job!
x-mozilla-cpt:;-4864
fn:Tom Brown
end:vcard

--------------94AC7D254C33FCE49FEB5D0A--