[Dshield] TCP Maximum Segment Size exceeded

Christophe Rome asrgchr at yahoo.com
Tue Jan 3 14:07:04 GMT 2006


Hi, 

I don't know if this topic fits in here but I'm trying
it anyway. If it conflicts with the interest of the
list then just tell me and I'll shut up forever...

Lately we seem to have a few mailservers experiencing
SMTP connection drops when sending to our external
mailserver. It seems to happen with every connection
certain mailservers make. The logfile of our
mailserver tells us 'socket error - 10054 -
WSAECONNRESET'. The PIX firewall which stands in
between reports a 'Dropping TCP packet, reason: MSS
exceeded'. So we already figured out what the problem
is...

I have two questions now about this problem:
1) Cisco reports this problem on this link
(http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml).
They advise not to disable this MSS exceeded
protection because of a potential buffer overrun risk.
Is this risk real?
2) I understand that the connecting side is using a
product that has wrongly implemented TCP. I would
think I am not to change anything in my config and
that the connecting side is entitled to set things up
correctly? Am I correct on this or am I seeing things wrong?
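
The TCP rule behind an "MSS exceeded" drop is that a sender must not put more payload in one segment than the MSS the receiving side announced in its SYN. The following is an added example, not part of the original post and not Cisco's implementation; the header bytes, ports and payload sizes are constructed, and `make_syn` and `oversized` are hypothetical helper names.

```python
import struct

DEFAULT_MSS = 536  # IPv4 default when a SYN carries no MSS option (RFC 1122)

def parse_mss(options: bytes):
    """Return the MSS from raw TCP option bytes, or None if absent or malformed."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP is a single byte, no length field
            i += 1
            continue
        if i + 1 >= len(options):
            return None                    # truncated before the length byte
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return None                    # length runs past the option area
        if kind == 2:                      # Maximum Segment Size, always 4 bytes
            return struct.unpack("!H", options[i + 2:i + 4])[0] if length == 4 else None
        i += length
    return None

def advertised_mss(tcp_header: bytes) -> int:
    """MSS announced by the sender of a SYN or SYN-ACK (raw TCP header bytes)."""
    hdr_len = (tcp_header[12] >> 4) * 4 if len(tcp_header) >= 20 else 0
    if hdr_len < 20 or hdr_len > len(tcp_header):
        raise ValueError("bad TCP data offset")
    mss = parse_mss(tcp_header[20:hdr_len])
    return DEFAULT_MSS if mss is None else mss

def oversized(receiver_mss: int, payload_lengths):
    """(segment number, size) for each payload larger than the receiver's MSS."""
    return [(n, size) for n, size in enumerate(payload_lengths, 1) if size > receiver_mss]

def make_syn(options: bytes) -> bytes:
    """Build a constructed SYN header (checksum left 0) for the demo."""
    options += b"\x00" * (-len(options) % 4)   # pad options to a 32-bit boundary
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 25, 1000, 0, offset << 4, 0x02, 65535, 0, 0) + options

# Constructed samples: NOP, NOP, SACK-permitted, MSS=1380; and a SYN with no options.
SYN_WITH_MSS = make_syn(b"\x01\x01\x04\x02\x02\x04\x05\x64")
SYN_NO_OPTIONS = make_syn(b"")

if __name__ == "__main__":
    mss = advertised_mss(SYN_WITH_MSS)
    print(mss, oversized(mss, [512, 1380, 1460]))
    print(advertised_mss(SYN_NO_OPTIONS))
```

Running the same comparison over a packet capture taken on each side of the firewall shows which endpoint sends the oversized segments.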


	
		

