LISA 2002 - Technical Program Abstract

Over-Zealous Security Administrators Are Breaking the Internet

Richard van den Berg - Trust Factory b.v.
Phil Dibowitz - University of Southern California
Pp. 213-218 of the Proceedings of LISA '02: Sixteenth Systems Administration Conference,
(Berkeley, CA: USENIX Association, 2002).


As the security threats on the Internet are becoming more prevalent, firewalls and other forms of protection are becoming more commonplace. Unfortunately, improperly configured firewalls can cause a variety of problems. One particularly nasty problem is when a firewall administrator chooses to use - or continue using - Path MTU Discovery (a good choice in most situations), but blocks packets required for the protocol to work: ICMP type 3 code 4 packets. This problem, the Path MTU Discovery Black Hole, has been discussed many times before. However, with under-1500 MTU protocols such as PPPoE becoming common for both home and business high-speed connections, this problem is affecting more people than ever before.
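The misconfiguration the abstract describes can be checked for in a ruleset before it is deployed. The following is an added example, not code from the paper or its authors: it evaluates a simplified iptables-save INPUT chain, first match wins, for an inbound ICMP type 3 code 4 packet. The rulesets, the interface name eth0 and the function names are constructed for illustration, and the parser assumes plain flag/value pairs with no negation.

```python
import shlex

# Constructed iptables-save excerpts for illustration (not from the paper).
BLACK_HOLE = """\
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
"""
FIXED = """\
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT
-A INPUT -p icmp -j DROP
-A INPUT -p tcp --dport 80 -j ACCEPT
"""
ICMP_NAMES = {"destination-unreachable": "3", "fragmentation-needed": "3/4"}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def rule_matches(opts, iface):
    """Does this rule match an inbound ICMP type 3 code 4 packet on iface?"""
    if opts.get("-i", iface) != iface:
        return False
    if opts.get("-p", "icmp") not in ("icmp", "all"):
        return False  # tcp/udp rules (and their port matches) never apply
    if "--icmp-type" in opts:
        spec = ICMP_NAMES.get(opts["--icmp-type"], opts["--icmp-type"])
        if spec not in ("any", "3", "3/4"):
            return False
    states = opts.get("--state") or opts.get("--ctstate")
    # Assumption: conntrack knows the flow, so the ICMP error is RELATED.
    if states and "RELATED" not in states.split(","):
        return False
    return True

def frag_needed_verdict(ruleset, iface="eth0"):
    """First-match verdict of the INPUT chain for ICMP type 3 code 4."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if line.startswith(":INPUT"):
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"]:
            opts = dict(zip(tok[2::2], tok[3::2]))  # flag/value pairs only
            if opts.get("-j") in TERMINAL and rule_matches(opts, iface):
                return opts["-j"]
    return policy

if __name__ == "__main__":
    for name, rules in (("BLACK_HOLE", BLACK_HOLE), ("FIXED", FIXED)):
        print(name, "->", frag_needed_verdict(rules))
```

A DROP verdict means a host behind this ruleset that keeps Path MTU Discovery enabled will never learn of a smaller MTU on the path.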

  • View the full text of this paper in HTML, PDF, and Postscript. Until November 2003, you will need your USENIX membership identification in order to access the full papers.
    The Proceedings are published as a collective work, © 2002 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.


Last changed: 24 Oct. 2002 aw