[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: MASQed machines on LAN can't get to a couple of www sites.



Yep, the MTU of my dialup link was 1000 (had to set it there to
improve network performance) and the MTUs of my ethernet connections
was 1500.  So the packets were getting fragmented before they ever
left my machines, I guess.  Now I see why these sites also don't
respond to pings.

Thanks,
Ben Logan

On Thu, Jul 12, 2001 at 11:12:08PM -0700, Stephen Carville wrote:
> Just a wild stab but what is the MTU of the dial-up link?  If it is
> less than 1500 then it is very possible that the sites you cannot
> reach are blocking all ICMP messaging.  Web servers send packets out
> with the DF bit set so, if a reduced MTU is encountered, the packet is
> dropped with an ICMP error message sent back informing the source.
> Normally the server can then reduce the packet size but if the
> firewall blocks the IMCP message (a very common practice for amateurs)
> the server never finds out and just keeps sending packets with an MTU
> of 1500 until the connection times out.
> 
> Needless to say the opportunites for DOSsing that kind of idiot is
> obvious...
> 





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]