> On 19. Jul 2018, at 03:12, Maxim Konovalov <maxim.konova...@gmail.com> wrote: > > Hi Randall, > > On Wed, 18 Jul 2018, 22:49-0000, Randall Stewart wrote: > >> Author: rrs >> Date: Wed Jul 18 22:49:53 2018 >> New Revision: 336465 >> URL: https://svnweb.freebsd.org/changeset/base/336465 >> >> Log: >> Bump the ICMP echo limits to match the RFC >> > [...] > > Just wonder, are there any practical reasons to do that? In case you send encapsulated packets triggering an ICMP message you actually need more than the 8 bytes which are currently reflected. The number 8 comes from RFC 792, which was published 1981. The new number comes from RFC 1812, which was published 1995. > > While I don't see any meaningful vectors right now this could > potentially make amplification DoS easier, no? I don't think so. When sending packets smaller than 576 - 20 - 8, you get a byte amplification of 8 bytes.
Please note that IPv6 already reflects as much as fits in a single packet. So this is not something completely new... Best regards Michael > > -- > Maxim Konovalov > _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
