Skip to Main content Skip to Navigation
New interface
Conference papers

New Results for the PTB-PTS Attack on Tunneling Gateways

Vincent Roca 1 Ludovic Jacquin 2 Saikou Fall 1 Jean-Louis Roch 3 
1 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services, Inria Lyon
3 MOAIS - PrograMming and scheduling design fOr Applications in Interactive Simulation
Inria Grenoble - Rhône-Alpes, LIG - Laboratoire d'Informatique de Grenoble
Abstract : This work analyzes the impacts of the ”Packet Too Big”- ”Packet Too Small” (PTB-PTS) Internet Control Message Protocol (ICMP) based attack against tunneling gateways. It is a follow up of a prior work [2] that detailed how to launch the PTB-PTS attack against IPsec gate- ways (for secure tunnels) and their consequences, ranging from major performance impacts (additional delays at session establishment and/or packet fragmentation) to Denial of Services (DoS). In the present work we examine a much wider range of configurations: we now consider the two IP protocol versions (previous work was lim- ited to IPv4, we add IPv6), two operating systems (previous work was limited to Linux Debian, we add a recent Ubuntu distribution as well as Windows 7), and two tunnelling protocols (previous work was limited to IPsec, we add IPIP). This work highlights the complexity of the situation as different behav- iors will be observed depending on the exact configuration. It also high- lights Microsoft’s strategy when approaching the ”minimum maximum packet size” (i.e., minimum MTU) any link technology should support: if Windows 7 mitigates the attack in IPv4 (there is no DoS), however the performance impact remains, and since the technique is inapplicable to IPv6, the attack succeeds in that case. Finally, this work highlights a fundamental problem: the impossibility to reliably identify illegitimate ICMP error packets coming from the untrusted network.
Document type :
Conference papers
Complete list of metadata

Cited literature [4 references]  Display  Hide  Download
Contributor : Vincent Roca Connect in order to contact the contributor
Submitted on : Friday, May 20, 2016 - 2:22:33 PM
Last modification on : Friday, November 18, 2022 - 9:27:19 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution - NonCommercial - ShareAlike 4.0 International License


  • HAL Id : hal-01245629, version 2


Vincent Roca, Ludovic Jacquin, Saikou Fall, Jean-Louis Roch. New Results for the PTB-PTS Attack on Tunneling Gateways. GreHack 2015, Cédric Lauradoux, Florent Autréau, Nov 2015, Grenoble, France. ⟨hal-01245629v2⟩



Record views


Files downloads