Manualshelf

HP Tru64 UNIX and TruCluster Server Version 5.1B-5 Patch Summary and Release Notes (March 2009)

ManualsBrandsHP ManualsSoftwareTru64 UNIX 5.0
41424344454647484950
In the Requirements for Internet Protocol (IP) Version 4 Routers (RFC 1812),
research suggests that the use of ICMP Source Quench packets is an ineffective
(and unfair) antidote for congestion. HP therefore recommends using the
icmp_rejectcodemask attribute to ignore ICMP Source Quench packets.
The ICMP type codes are in /usr/include/netinet/ip_icmp.h.
The ICMP (RFC 792) is used in the Internet Architecture to perform fault-isolation and
recovery (RFC 816), which is the group of actions that hosts and routers take to
determine if a network failure has occurred.
The industry standard TCP specification (RFC 793) has a vulnerability whereby ICMP
packets can be used to perform a variety of attacks such as blind connection reset attacks
and blind throughput-reduction attacks:
Blind connection reset attacks can be triggered by an attacker sending forged ICMP
"Destination Unreachable, host unreachable" packets or ICMP "Destination
Unreachable, port unreachable" packets.
Blind throughput-reduction attacks can be caused by an attacker sending a forged
ICMP type 4 (Source Quench) packet.
Path MTU Discovery (RFC 1191) describes a technique for dynamically discovering
the MTU (maximum transmission unit) of an arbitrary internet path. This protocol uses
ICMP packets from the router to discover the MTU for a TCP connection path. An
attacker can reduce the throughput of a TCP connection by sending forged ICMP
packets (or their IPv6 counterpart) to the discovering host, causing an incorrect Path
MTU setting.
3.2.1.17 caa_relocate Command Improved
The caa_relocate -s source_member command now allows the relocation of a
specific resource from the source_member.
The command caa_relocate -s source_member resource_name will relocate
the application resource resource_name only if it is running on the source_member.
Otherwise it will return an error message.
See the revised caa_relocate(8) reference page delivered in this kit for more information.
3.2.1.18 collect Utility Improved in Several Ways
The collect utility has been enhanced to support a new -c option, which when
specified instructs collect to gather local and remote I/O access statistics for disk
and tape devices as seen by the Device Request Dispatcher (DRD) cluster subsystem
in a TruCluster Server environment.
The collect utility has also been modified to enable it to support long device names.
The collect(8) reference page has been revised to reflect these changes.
3.2 Prior Release Notes 47