|
As you might have just read, there are a lot of sites out there that are fundamentally broken in the RFC 2923 sense. In an effort to steer away from MSS Clamping, I decided to started an initiative to notify sysadmins about the "brokenage" of their sites. Shortly (and I mean days) after I got this idea, I got an email from Richard van den Berg, who, coincidentally, had the same idea. So, we decided to work together in an effort to help eliminate this problem from the Internet. In accordance with security, open source, and other similar practices no sites will be ostracized unless they refuse to communicate or fix their site. The idea here is that we will notify admins of problem websites and give them at least two weeks to respond. After that time, we will list them here in the 'pending' (read: black) list, along with info on when they were contacted and what, if any response there was. For a detailed description of what the PMTUD Blackhole is, please see Phil's MSS page and RFC 2923. A copy of the letter that we send to admins is located here. If you would like to report a broken site, BE SURE IT IS BROKEN. We have provided instructions on how to test if a site is affected by the PMTUD Blackhole here. We may provide a script for this at some point, but the instructions should suffice. When you're sure it's broken, email it to mss@ipom.com. SITES FIXED: 19 |
|
| Name | URL | Contacted | Any response |
|---|---|---|---|
| Overture | http://perf.overture.com | April 14, 2007 | None |
| CNET | http://www.cnet.com | April 14, 2007 | Out of office reply from Noel Cragg, but no further response. |
| Cisco | http://www.cisco.com | April 14, 2007 | None - hostmaster@ doesn't seem to be a valid email address and they provide no alternative address on their site. |
| Microsoft | http://www.microsoft.com http://www.hotmail.com |
April 14, 2007 | None - hostmaster@ doesn't seem to be a valid email address and they provide no alternative address on their site. |
| Ebay | http://promo.ebay.com | January 25, 2003 | None 04/14/07 - Noticed that search.ebay.com and cgi.ebay.com were fixed but they link to promo.ebay.com which is still broken. |
| Verisign | http://www.verisign.com/ | February 9, 2002 | 02/11/02 - Human reply saying they forward the email to the correct department 02/20/02 - Email giving ticket number and saying to call if we have any further problems 03/18/02 - Richard called them. The support person said she would pass on the message to the appropriate department. 11/29/03 - We noticed they were fixed 07/08/07 - We received a report they were broken again! |
| Security Focus | http://www.securityfocus.com/ | February 4, 2002 | None. 04/17/02 - We noticed they were fixed 10/19/02 - We then noticed they were broken again! 11/29/03 - We noticed they were fixed - again 07/08/07 - We received a report they were broken again! |
| Discreet | http://www.discreet.com/ | February 24, 2002 | Automated 04/14/07 - verified still broken |
| mp3.com | http://ww.mp3.com/ | February 23, 2002 | Automated 04/14/07 - hardware/software.mp3.com no longer exist, but mp3.com is still broken |
| Windows and .NET Magazine | http://www.winntmag.com/ | February 9, 2002 | Automated 04/14/07 - verified still broken |
| Sears | http://www.sears.com/ | February 9, 2002 | Automated 04/14/07 - verified still broken |
| Id Software | http://www.idsoftware.com/ | February 9, 2002 | None 04/14/07 - verified still broken |
| Iomega | http://www.iomega.com/ | February 9, 2002 | None 04/14/07 - verified still broken |