Path MTU Discovery Considered Harmful

Path MTU Discovery (PMTUD) lets hosts optimize performance in the Internet by identifying the largest packet size that can be transmitted along a path without fragmentation. Despite the central role that PMTUD plays in Internet communication, it has a long history of software bugs, failures and misconfigurations. In this work we weigh the benefits of PMTUD in the Internet against its drawbacks, from the perspective of both clients and servers. First, we examine the fraction of clients that use PMTUD. To that end we analyse ICMP Packet Too Big (PTB) messages (ICMP Destination Unreachable / Fragmentation Needed in IPv4, ICMPv6 Packet Too Big in IPv6) in the CAIDA Internet Traces and show that the fraction of networks using PMTUD is negligible and that it decreased further over the period 2008 - 2016. Second, we evaluate the fraction of popular web servers that support the PMTUD mechanism and show that a large number of them block ICMP Packet Too Big messages. On the other hand, we show easy and efficient, though well-known, degradation of service attacks that exploit the availability of PMTUD, e.g. by forging PTB messages that advertise a tiny MTU. Since the benefit of PMTUD is questionable while it exposes hosts to degradation of service attacks, we advocate ceasing to use it. As with any change to the Internet, the implications of our recommendation should be carefully evaluated and the change implemented gradually. In the meantime, we provide recommendations for mitigations against the degradation of service attacks.
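The degradation of service attack the abstract refers to, and the host-side mitigation it argues for, as an added example that is not code from the paper: an off-path attacker forges an ICMPv4 Fragmentation Needed message that quotes a fabricated segment of a connection whose 4-tuple it knows and advertises a 68-byte MTU; a host that honors the message without checks shrinks its segments from 1460 to 28 payload bytes. The checks applied here are the ones RFC 5927 recommends (the quoted packet must match a live connection and carry a sequence number that is actually in flight) plus an assumed local floor of 576 bytes; the addresses come from the RFC 5737 documentation ranges, the connection state and all packets are constructed inline, and the function and constant names are this example's own.

```python
"""Constructed model of a host handling ICMPv4 Fragmentation Needed (Packet Too Big) messages."""
import struct
from dataclasses import dataclass

ICMP_DEST_UNREACH = 3   # RFC 792 message type
ICMP_FRAG_NEEDED = 4    # code; RFC 1191 reused the unused field for the next-hop MTU
IP_PROTO_TCP = 6
IPV4_MIN_PMTU = 576     # assumption: local floor (Linux has a comparable knob, net.ipv4.route.min_pmtu)

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; a message whose checksum verifies sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_tcp(src, dst, sport, dport, seq, payload: bytes) -> bytes:
    """IPv4 datagram with DF set carrying a TCP segment (TCP checksum left 0; not needed here)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, IP_PROTO_TCP, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:] + tcp

def build_ptb(dropped: bytes, next_hop_mtu: int) -> bytes:
    """Fragmentation Needed quoting the dropped IP header plus 8 bytes (the RFC 792 minimum)."""
    ihl = (dropped[0] & 0x0F) * 4
    body = struct.pack("!BBHHH", ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 0, 0, next_hop_mtu) + dropped[:ihl + 8]
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def parse_ptb(msg: bytes) -> dict:
    """Return the advertised MTU plus the quoted packet's 4-tuple and TCP sequence number."""
    icmp_type, code, _, _, mtu = struct.unpack("!BBHHH", msg[:8])
    if icmp_type != ICMP_DEST_UNREACH or code != ICMP_FRAG_NEEDED:
        raise ValueError("not a Fragmentation Needed message")
    if inet_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    quoted = msg[8:]
    ihl = (quoted[0] & 0x0F) * 4
    if quoted[9] != IP_PROTO_TCP or len(quoted) < ihl + 8:
        raise ValueError("quoted packet is not TCP or is truncated")
    sport, dport, seq = struct.unpack("!HHI", quoted[ihl:ihl + 8])
    return {"mtu": mtu, "src": ".".join(map(str, quoted[12:16])), "dst": ".".join(map(str, quoted[16:20])),
            "sport": sport, "dport": dport, "seq": seq}

@dataclass
class TcpConn:
    src: str
    dst: str
    sport: int
    dport: int
    snd_una: int   # oldest unacknowledged sequence number
    snd_nxt: int   # next sequence number to send
    pmtu: int = 1500

def seq_in_flight(conn: TcpConn, seq: int) -> bool:
    """snd_una <= seq < snd_nxt, computed modulo 2^32 so it survives wrap-around."""
    return ((seq - conn.snd_una) & 0xFFFFFFFF) < ((conn.snd_nxt - conn.snd_una) & 0xFFFFFFFF)

def validate_ptb(conn: TcpConn, ptb: dict):
    """RFC 5927-style checks: the quoted packet must match a live connection and in-flight data."""
    if (ptb["src"], ptb["dst"], ptb["sport"], ptb["dport"]) != (conn.src, conn.dst, conn.sport, conn.dport):
        return False, "quoted 4-tuple matches no connection"
    if not seq_in_flight(conn, ptb["seq"]):
        return False, "quoted sequence number is not in flight"
    if ptb["mtu"] < IPV4_MIN_PMTU:
        return False, "advertised MTU is below the local floor"
    return True, "ok"

def apply_ptb(conn: TcpConn, msg: bytes, validate: bool = True) -> int:
    """Process one PTB as a host would; return the connection's resulting path MTU."""
    ptb = parse_ptb(msg)
    if validate and not validate_ptb(conn, ptb)[0]:
        return conn.pmtu
    conn.pmtu = min(conn.pmtu, ptb["mtu"])
    return conn.pmtu

def degradation_factor(old_pmtu: int, new_pmtu: int) -> float:
    """Ratio of TCP payload per packet before and after (IPv4 + TCP headers = 40 bytes)."""
    return (old_pmtu - 40) / (new_pmtu - 40)

def make_victim() -> TcpConn:
    # constructed state: three full segments in flight from 192.0.2.10:40000 to 198.51.100.7:443
    return TcpConn("192.0.2.10", "198.51.100.7", 40000, 443, snd_una=1000, snd_nxt=1000 + 3 * 1460)

def demo() -> dict:
    victim = make_victim()
    inflight = build_ipv4_tcp(victim.src, victim.dst, victim.sport, victim.dport, 1000 + 1460, b"x" * 1460)
    legit = build_ptb(inflight, 1280)   # a router on a 1280-byte link quotes a segment that is really in flight
    # Off-path attacker: knows the 4-tuple but not the sequence number, so the quoted segment is
    # fabricated; advertises 68, the smallest MTU RFC 791 obliges a link to carry.
    forged = build_ptb(build_ipv4_tcp(victim.src, victim.dst, victim.sport, victim.dport, 0xDEADBEEF, b"x" * 8), 68)
    results = {"legit": apply_ptb(victim, legit), "forged_validated": apply_ptb(victim, forged)}
    results["forged_naive"] = apply_ptb(make_victim(), forged, validate=False)
    results["factor"] = degradation_factor(1500, results["forged_naive"])
    return results
```

Running `demo()` gives a path MTU of 1280 after the legitimate message, still 1280 after the forged one when validation is on, and 68 for the unvalidated host, whose every packet now carries 28 instead of 1460 payload bytes (about 52 times as many packets for the same stream). The sequence-number check only helps against an off-path attacker; it does not stop someone who can observe the connection, and an attacker who can see traffic can also just replay a legitimate quote. For IPv6 the same logic applies to ICMPv6 Packet Too Big with 1280, the minimum IPv6 link MTU, as the natural floor. Packetization Layer PMTUD (RFC 4821), which probes the path with TCP segments instead of trusting ICMP, removes the dependency on these messages altogether and is the direction the paper's recommendation points to.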
