Kitz Forum

Internet => General Internet => Topic started by: Weaver on March 03, 2020, 12:13:31 PM

Title: Short packets
Post by: Weaver on March 03, 2020, 12:13:31 PM

Say someone sends me an IPv4 TCP packet and it is less than 40 bytes long, or any IPv4 packet that is less than 20 bytes long (do I have the minimum lengths correct?), then what does that do to operating system <x>? Are there still bugs in operating systems relating to checking for this and other similar evils?

I ask because I was reading about a switch that offers checking for such things and I wondered if there is still any need for such external checks. Of course a stateful firewall provides a guard against evildoers anyway unless they are already inside your LAN that is.

Title: Re: Short packets
Post by: petef on March 03, 2020, 02:00:17 PM

You are correct about the minimum packet sizes. Shorter packets might be caused by transmission errors or malicious construction. Both of those should be caught by the link layer. I hesitate to say that all current OSs are bug free but it would surprise me if there were handling errors in network drivers. Many years ago I found a bug in IBM's IP handling which had been causing NFS errors. That was an exception which proves the rule.

A switch allows you to offload processing onto separate hardware. Any lift will depend on how many dodgy packets need to be dealt with.

Title: Re: Short packets
Post by: niemand on March 03, 2020, 03:50:43 PM

Discarded as junk. Error counter will increment as packet/frame is considered corrupted.

Title: Re: Short packets
Post by: niemand on March 03, 2020, 03:52:08 PM

NB switch won't care, or shouldn't as it should be inspecting Ethernet headers only, router will discard.