Community discussions

MikroTik App
 
XNewBIE
just joined
Topic Author
Posts: 5
Joined: Wed Mar 17, 2021 7:15 am

TCP MSS Value

Wed Mar 31, 2021 2:07 pm

Hi,

Is it a good idea to control MSS value on router raw firewall? Trying to discard packet not fall between value 536-1500 and objective is to prevent flood or dos attack. Anyone has the same configuration?
 
R1CH
Forum Guru
Forum Guru
Posts: 1099
Joined: Sun Oct 01, 2006 11:44 pm

Re: TCP MSS Value

Thu Apr 01, 2021 4:16 pm

If you have a non-1500 MTU, yeah you can clamp it to avoid clients having to do PMTU discovery. But this has no relation to DoS resistance.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: TCP MSS Value

Thu Apr 01, 2021 7:25 pm

He probably means some form of "attack" where TCP sessions with a very small MSS are set up, and so there is a large number of packets used to transport only very little data.
It would be possible to filter on that, but it is not unlikely that this can cause some erroneous packet drops.

Who is online

Users browsing this forum: baragoon, Bing [Bot], cyrq, DanMos79, NetTecture, RobertsN and 83 guests