Firewall Wizards mailing list archives
Re: Random and strange RST,ACKs
From: Chris Myers <clmmacunix () charter net>
Date: Wed, 4 Apr 2007 12:41:02 -0500
The peculiar part is your dst port is 88. Are you port forwarding your http to 88? If so, there is no real need for this as it is not more secure. Are there other clients using port 88 that are working? If not, then the backend machine is doing its job.

clmmacunix

On Mar 1, 2007, at 1:15 PM, Phil Hunter wrote:

Eduardo Tongson wrote:

---------- Forwarded message ----------
From: Eduardo Tongson <propolice () gmail com>
Date: Feb 28, 2007 6:07 PM
Subject: Random and strange RST,ACKs
To: pf () benzedrine cx

Hi folks,

I have this peculiar problem where the client over http is having intermittent reset and timeouts. Doing a dump on the session I see strange and random RST,ACKs. Here is a snip:

No. Time      Source Destination Protocol Info
54  15.291306 CLIENT SERVER      TCP      4813 > 88 [ACK] Seq=2857 Ack=7738 Win=64512 Len=0
55  15.303536 CLIENT SERVER      TCP      4813 > 88 [ACK] Seq=2857 Ack=9040 Win=64512 Len=0
56  15.393751 CLIENT SERVER      KRB5     Continuation[Unreassembled Packet]
57  15.394190 SERVER CLIENT      KRB5     Continuation[Unreassembled Packet]
58  15.482484 CLIENT SERVER      TCP      4814 > 88 [ACK] Seq=2117 Ack=8350 Win=64042 Len=0
59  15.583039 CLIENT SERVER      TCP      4813 > 88 [ACK] Seq=3337 Ack=9275 Win=64277 Len=0
60  17.114978 CLIENT SERVER      KRB5     Continuation[Unreassembled Packet]
61  17.116075 CLIENT SERVER      TCP      4814 > 88 [RST, ACK] Seq=2446 Ack=8350 Win=0 Len=0
62  17.116481 SERVER CLIENT      KRB5     Continuation[Unreassembled Packet]
63  17.116585 SERVER CLIENT      KRB5     Continuation[Unreassembled Packet]
64  17.116694 SERVER CLIENT      KRB5     Continuation[Unreassembled Packet]
65  17.116703 SERVER CLIENT      TCP      [TCP segment of a reassembled PDU]
66  17.214855 CLIENT SERVER      TCP      4815 > 88 [SYN] Seq=0 Len=0 MSS=1260
67  17.215060 SERVER CLIENT      TCP      88 > 4815 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460

on 61 there is that sudden RST,ACK. What might cause this? By a long shot could it be a RST attack like the one described in "Slipping the Window"?

TIA - ed
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Is there a firewall between these? If so it will reset the connection every two hours if not used.
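The replies above turn on two things a text export of the capture can answer: which end sent the RST, and how long that connection had been quiet before it. The following is an added example, not part of the original thread; the function name `find_resets` and the regular expression are assumptions written for the summary-line layout quoted above, and the sample lines are the TCP lines from that capture.

```python
import re

# TCP summary lines copied from the capture quoted in the thread
# (KRB5 lines are omitted because their summaries carry no port numbers).
CAPTURE = """\
54 15.291306 CLIENT SERVER TCP 4813 > 88 [ACK] Seq=2857 Ack=7738 Win=64512 Len=0
55 15.303536 CLIENT SERVER TCP 4813 > 88 [ACK] Seq=2857 Ack=9040 Win=64512 Len=0
58 15.482484 CLIENT SERVER TCP 4814 > 88 [ACK] Seq=2117 Ack=8350 Win=64042 Len=0
59 15.583039 CLIENT SERVER TCP 4813 > 88 [ACK] Seq=3337 Ack=9275 Win=64277 Len=0
61 17.116075 CLIENT SERVER TCP 4814 > 88 [RST, ACK] Seq=2446 Ack=8350 Win=0 Len=0
66 17.214855 CLIENT SERVER TCP 4815 > 88 [SYN] Seq=0 Len=0 MSS=1260
67 17.215060 SERVER CLIENT TCP 88 > 4815 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460
"""

LINE = re.compile(
    r"^(?P<no>\d+)\s+(?P<t>\d+\.\d+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+"
    r"(?P<sport>\d+) > (?P<dport>\d+) \[(?P<flags>[^\]]+)\](?P<rest>.*)$"
)

def find_resets(text):
    """Return one dict per RST: who sent it and how long the flow was quiet."""
    last_seen = {}   # flow key -> time of the previous packet on that flow
    resets = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # non-TCP or port-less summary line
        t = float(m["t"])
        a = (m["src"], int(m["sport"]))
        b = (m["dst"], int(m["dport"]))
        flow = tuple(sorted((a, b)))       # direction-independent key
        flags = {f.strip() for f in m["flags"].split(",")}
        if "RST" in flags:
            fields = dict(kv.split("=") for kv in m["rest"].split())
            prev = last_seen.get(flow)
            resets.append({
                "frame": int(m["no"]),
                "sender": m["src"],
                "flow": flow,
                "idle_s": None if prev is None else round(t - prev, 6),
                "seq": int(fields["Seq"]),
            })
        last_seen[flow] = t
    return resets

if __name__ == "__main__":
    for r in find_resets(CAPTURE):
        print(r)
```

Because lines without port numbers are skipped, `idle_s` is an upper bound on the quiet time: a skipped frame may belong to the same connection.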