LISA 2002 - Technical Program Abstract
Over-Zealous Security Administrators Are Breaking the Internet
Richard van den Berg - Trust Factory b.v. Phil Dibowitz - University of Southern California
Pp. 213-218 of the Proceedings of LISA '02:
Sixteenth Systems Administration Conference,
USENIX Association, 2002).
As the security threats on the Internet are becoming more
prevalent, firewalls and other forms of protection are becoming more
commonplace. Unfortunately, improperly configured firewalls can cause
a variety of problems. One particularly nasty problem is when a
firewall administrator chooses to use - or continue using - Path MTU
Discovery (a good choice in most situations), but blocks packets
required for the protocol to work: ICMP type 3 code 4 packets. This
problem, the Path MTU Discovery Black Hole, has been discussed many
times before. However with under- 1500 MTU protocols such as PPPoE
becoming common for both home and business high-speed connections,
this problem is affecting more people than ever before.
- View the full text of this paper in
PDF, and Postscript. Until November 2003, you will need your USENIX membership identification in order to access the full papers.
The Proceedings are published as a collective work, © 2002 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.