AWS AWSEC2 documentation change
Summary
Added 'untracked connections' as a condition for receiving PMTUD responses alongside automatically tracked connections and security group rules allowing ICMP traffic.
Security assessment
The change clarifies security group behavior for PMTUD responses but doesn't address a specific vulnerability. It improves documentation about connection tracking mechanisms which are part of network security configuration.
Diff
diff --git a/AWSEC2/latest/UserGuide/network_mtu.md b/AWSEC2/latest/UserGuide/network_mtu.md index 41a534a4f..5c84c5da4 100644 --- a//AWSEC2/latest/UserGuide/network_mtu.md +++ b//AWSEC2/latest/UserGuide/network_mtu.md @@ -85 +85 @@ The IPv6 protocol does not support fragmentation in the network. When a host sen -Connections made through some components, like NAT gateways and load balancers, are [automatically tracked](./security-group-connection-tracking.html#automatic-tracking). This means that [security group tracking](./security-group-connection-tracking.html) is automatically enabled for your outbound connection attempts. If connections are automatically tracked or if your security group rules allow inbound ICMP traffic, you can receive PMTUD responses. +Connections made through some components, like NAT gateways and load balancers, are [automatically tracked](./security-group-connection-tracking.html#automatic-tracking). This means that [security group tracking](./security-group-connection-tracking.html) is automatically enabled for your outbound connection attempts. If connections are automatically tracked, are [untracked](./security-group-connection-tracking.html#untracked-connections), or if your security group rules allow inbound ICMP traffic, you can receive PMTUD responses.