MSS Initiative Makes Progress
Phil writes "The MSS Initiative was started by Richard van den Berg and myself to combat sites that are broken (enable Path MTU Discovery AND block ICMP 3,4) which include such big sites as SecurityFocus and CERT (causing those behind PPPoE and other less-than-1500-MTU-protocols to be unable to view the sites). This past week we were privileged enough to be able to present a paper at the 16th LISA Systems Administration Conference! Check out the paper and slides and be sure, like many members of the audience, to fix the sites you administer!"
This problem is way too technical to explain to most sysadmins. Expecting them to fix it after a kind notification seems naive at best. Instead focus on firewall product manufacturers. In many cases sysadmins just use some sort of generated rules from some firewall product or duplicate sections of howto's. If you make sure the generated stuff is ok and the howto's & manuals don't misinform the sysadmins, there's a lot to gain.
Jilles
Astonishingly, the paper neglected to mention the best solution for site admins that I have yet seen for the problem -- rate limiting as a protection from DoS attacks. Cisco describes their implementation of this at http://www.cisco.com/warp/public/63/car_rate_limit_icmp.html. I don't know how widespread router vendor support for this is, but the concept is spot-on.
If behaviors which are normally both legal and helpful can turn deadly when they take on a certain pattern, then don't blanketly prohibit the behavior; identify when that pattern is developing and then cut it off. Wasn't that the whole concept behind stateful packet inspection anyways?
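An added illustration of the rate-limiting idea in the comment above (not part of the original thread, and not Cisco's implementation): a small Python simulation comparing a blanket ICMP drop with token-bucket rate limiting, and showing that a single shared bucket can still lose a Fragmentation Needed message that arrives during a flood. The packet traces, the rate and burst values, and the per-type bucket variant are assumptions constructed for this example.

```python
# Added example: blanket ICMP drop vs. token-bucket rate limiting (constructed trace).
from collections import namedtuple

# t_ms: arrival time in ms; mtu: next-hop MTU carried by type 3 code 4, else 0
Icmp = namedtuple("Icmp", "t_ms type code mtu")
FRAG_NEEDED = (3, 4)  # Destination Unreachable / Fragmentation Needed and DF set

class TokenBucket:
    """Integer token bucket: `rate` packets per second, `burst` packets deep."""
    def __init__(self, rate, burst):
        self.rate, self.cap = rate, burst * 1000
        self.milli, self.last = self.cap, 0
    def allow(self, now_ms):
        # rate [tokens/s] is numerically equal to rate [millitokens/ms]
        self.milli = min(self.cap, self.milli + (now_ms - self.last) * self.rate)
        self.last = now_ms
        if self.milli >= 1000:
            self.milli -= 1000
            return True
        return False

def run(trace, policy, rate=10, burst=5, start_mtu=1500):
    """Return (path MTU the sender ends up with, ICMP packets accepted)."""
    buckets, pmtu, accepted = {}, start_mtu, 0
    for p in sorted(trace, key=lambda p: p.t_ms):
        if policy == "drop_all":
            continue  # the broken configuration: every ICMP packet is discarded
        # "shared": one bucket for all ICMP; "per_type": one bucket per ICMP type
        key = p.type if policy == "per_type" else "all"
        if not buckets.setdefault(key, TokenBucket(rate, burst)).allow(p.t_ms):
            continue
        accepted += 1
        if (p.type, p.code) == FRAG_NEEDED and 0 < p.mtu < pmtu:
            pmtu = p.mtu  # PMTUD: lower the path MTU as the router asked
    return pmtu, accepted

def flood(start_ms=1000, count=1000):
    # constructed echo-request flood, one packet per millisecond
    return [Icmp(start_ms + i, 8, 0, 0) for i in range(count)]

# Constructed traces: a PPPoE hop (MTU 1492) reports Fragmentation Needed
QUIET = [Icmp(500, 3, 4, 1492)] + flood()        # report arrives before the flood
MID_FLOOD = flood() + [Icmp(1050, 3, 4, 1492)]   # report arrives during the flood

if __name__ == "__main__":
    for name, trace in (("quiet", QUIET), ("mid-flood", MID_FLOOD)):
        for policy in ("drop_all", "shared", "per_type"):
            print(name, policy, run(trace, policy))
```

With `drop_all` the sender stays at 1500 and the PPPoE client never gets its data; with rate limiting the flood is capped to a handful of packets while the MTU report can still get through.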
Got the latest M$ XP Pro, and Adobe...
I wish people wouldn't do this. You don't "have Adobe" any more than you "have the Internet" or something similar.
I'd guess from the context that you're talking about Acrobat Reader. Unfortunately, people also use the term "I've got Adobe" to refer to Photoshop.
Granted, the origin of all this was companies, not consumers, with people like Microsoft and Netscape putting their company names into their product name, but it's confusing, and it's consumers that are keeping it going.
May we never see th