nanog mailing list archives

Re: TCP receive window set to 0; DoS or not?


From: billn () billn net
Date: Thu, 7 Sep 2006 15:04:58 -0700 (MST)




> I've been seeing some systems that stop serving pages, and I also see
> the Linux "Treason Uncloaked!" kernel messages that indicate a remote
> system reduced its rcv win from 1 to 0... is there a non-malicious
> explanation for this, aside from a remote host running out of socket
> buffers?  Seems to happen too often for that to be the case, and
> my googling has shown that it may be outside of spec.  Certainly
> the warning is clear enough...

I've seen this, quite a bit, on some heavy traffic web clusters. Some 
impolite web browsers will shrink the TCP window to kill the socket 
connection instead of a proper fin/reset. 

- billn
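
One way to check whether the "Treason uncloaked!" messages discussed in this thread come from many unrelated clients or from a few peers doing it across many connections, as an added example that is not part of the original post. It assumes the message layout printed by 2.6-era Linux kernels; the log lines, addresses and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed kernel message layout (2.6-era):
#   TCP: Treason uncloaked! Peer A.B.C.D:sport/dport shrinks window una:nxt. Repairing.
TREASON_RE = re.compile(
    r"Treason uncloaked! Peer (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r":(?P<sport>\d+)/(?P<dport>\d+) shrinks window (?P<una>\d+):(?P<nxt>\d+)"
)

# Constructed sample syslog lines (documentation address ranges).
SAMPLE_LOG = """\
Sep  7 14:01:02 web1 kernel: TCP: Treason uncloaked! Peer 192.0.2.10:40001/80 shrinks window 1000:1001. Repairing.
Sep  7 14:01:05 web1 kernel: TCP: Treason uncloaked! Peer 192.0.2.10:40002/80 shrinks window 2000:2001. Repairing.
Sep  7 14:01:09 web1 kernel: TCP: Treason uncloaked! Peer 192.0.2.10:40002/80 shrinks window 2000:2001. Repairing.
Sep  7 14:02:11 web1 kernel: TCP: Treason uncloaked! Peer 192.0.2.10:40003/80 shrinks window 3000:3001. Repairing.
Sep  7 14:03:40 web1 kernel: TCP: Treason uncloaked! Peer 198.51.100.7:51515/80 shrinks window 500:501. Repairing.
Sep  7 14:03:41 web1 kernel: eth0: link up
"""

def summarize(lines):
    """Group window-shrink events by peer IP; unrelated log lines are skipped."""
    peers = defaultdict(lambda: {"events": 0, "sports": set(), "dports": set()})
    for line in lines:
        m = TREASON_RE.search(line)
        if not m:
            continue
        entry = peers[m["ip"]]
        entry["events"] += 1
        # A distinct source port means a distinct TCP connection from that peer.
        entry["sports"].add(int(m["sport"]))
        entry["dports"].add(int(m["dport"]))
    return dict(peers)

def noisy_peers(lines, min_connections=3):
    """Peers that shrank the window on at least min_connections connections."""
    stats = summarize(lines)
    return sorted(ip for ip, e in stats.items() if len(e["sports"]) >= min_connections)

if __name__ == "__main__":
    for ip, e in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(f"{ip}: {e['events']} events, {len(e['sports'])} connections, "
              f"local ports {sorted(e['dports'])}")
    print("review:", noisy_peers(SAMPLE_LOG.splitlines()))
```

Repeated messages for the same source port are retries on one stalled connection, so the connection count rather than the raw event count is what separates a single misbehaving client from broad background noise.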

