OpenBSD Journal

a MSS Initiative Makes Progress

Contributed by jose on from the copycat dept.

Dengue writes:
"From Slashdot :"The MSS Initiative was started by Richard van den Berg and myself to combat sites that are broken (enable Path MTU Discovery AND block ICMP 3,4) which include such big sites as SecurityFocus and CERT (causing those behind PPPoE and other less-than-1500-MTU-protocols to be unable to view the sites). This past week we were priveleged enough to be able to present a paper at the 16th LISA Systems Administration Conference! Check out the paper and slides and be sure, like many members of the audience, to fix the sites you administer!""
This is some interesting stuff. You may also be intersted in the work at ICIR which has done wide are samples to watch the adoption of improved networking standards.

(Comments are closed)


Comments
  1. By Dries Schellekens () on http://marc.theaimsgroup.com/?l=openbsd-pf&m=10371

    PF doesn't block the ICMP errors (like type 3, code 4; Destination Unreachable, Fragmentation Needed and Don't Fragment was Set) when statefull firewalling ("keep state").

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]