[dns-operations] DNS Attack over UDP fragmentation
Stephane Bortzmeyer
bortzmeyer at nic.fr
Wed Sep 4 13:55:22 UTC 2013
On Wed, Sep 04, 2013 at 10:45:42PM +0900,
Yasuhiro Orange Morishita / 森下泰宏 <yasuhiro at jprs.co.jp> wrote
a message of 38 lines which said:
> So, we might set max-udp-size to 1220 for preventing UDP
> fragmentation.
But, in IPv4, the attacker can send spoofed ICMP "packet too big"
messages to decrease the size of the path MTU, as seen by the DNS
server.
I do not find an equivalent of RFC 5927 for UDP. I assume (I didn't
check) that UDP stacks implement similar protections (some suggestions
of RFC 5927 are very TCP-specific such as checking the sequence
number) but it would be interesting to study this possible attack in
depth.
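As an illustration of the kind of check the message is asking about (added example, not the author's code and not any particular stack's implementation), the following parses an IPv4 ICMP "fragmentation needed" message and applies the RFC 5927 idea to UDP: honour the proposed MTU only if the embedded datagram matches a flow this host actually sent. The `recent_sent` table and the 576-byte floor are assumptions of this example.

```python
import struct
from collections import namedtuple

# Assumed policy floor: refuse PMTU reductions below the IPv4 minimum
# reassembly size (RFC 791); an operator may choose a higher value.
MTU_FLOOR = 576

IcmpPtb = namedtuple("IcmpPtb", "mtu src dst proto sport dport")


def parse_icmp_ptb(icmp):
    """Parse ICMP type 3 code 4 (RFC 792, MTU field per RFC 1191).
    Returns None unless the message carries the offending IPv4 header
    plus at least 8 bytes of its payload (the UDP header)."""
    if len(icmp) < 8 + 20 + 8:
        return None
    typ, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if typ != 3 or code != 4:
        return None
    inner = icmp[8:]
    ihl = (inner[0] & 0x0F) * 4
    if (inner[0] >> 4) != 4 or ihl < 20 or len(inner) < ihl + 8:
        return None
    src = ".".join(str(b) for b in inner[12:16])
    dst = ".".join(str(b) for b in inner[16:20])
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return IcmpPtb(mtu, src, dst, inner[9], sport, dport)


def classify_ptb(icmp, recent_sent):
    """recent_sent: set of (src, sport, dst, dport) for UDP datagrams this
    host emitted recently (tracking them is left to the caller)."""
    p = parse_icmp_ptb(icmp)
    if p is None:
        return "malformed"
    if p.proto != 17:
        return "ignore-non-udp"
    if (p.src, p.sport, p.dst, p.dport) not in recent_sent:
        return "reject-unknown-flow"   # embedded datagram was never sent
    if p.mtu < MTU_FLOOR:
        return "reject-mtu-too-small"  # plausible flow, implausible MTU
    return "accept"


def build_ptb(mtu, src, dst, sport, dport):
    """Construct a sample PTB message (constructed test data, not a capture)."""
    ip4 = lambda a: bytes(int(x) for x in a.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0, 0, 64, 17, 0, ip4(src), ip4(dst))
    udp = struct.pack("!HHHH", sport, dport, 1480, 0)
    return struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + ip + udp
```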