Re: [fw-wiz] Source of T/TCP traffic

From: Volker Tanger (volker.tanger_at_discon.de)
Date: 09/09/03

  • Next message: lordchariot_at_earthlink.net: "RE: [fw-wiz] Source of T/TCP traffic" 
    To: Knut Bjornstad <kbjo@interpost.no>
Date: Tue, 9 Sep 2003 14:22:58 +0200

    Greetings!

    On Tue, 9 Sep 2003 Knut Bjornstad <kbjo@interpost.no> wrote:

    > Our IDS are seeing a lot of peculiar T/TCP traffic - the alerts on
    > this is no problem in itself - I can easily disable them. But when I
    > try to analyze the traffic, it seems like ordinary web traffic from
    > various MS IE sources.

    Do you see T/TCP, TAO or the braindead MS-IE/IIS speedup hack? Usually
    newer IE try to send the HTTP request already in the SYN packet (or was
    it first sending an ACK packet with the request?) ignoring the usual
    need for a SYN - SYN/ACK - ACK handshake for a proper TCP connection.

    While the IIS answers directly other servers respond with a RST, upon
    which the IIS starts anew with the standard 3-way handshake. This way
    a MS-IE/MS-IIS pair has a small speed advantage over standard clients
    or servers. It's called improving industry standards, I fear.

    If this is the traffic you see, you can safely ignore it (as MS-IE
    does).

    HTH

    Volker Tanger

         

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: lordchariot_at_earthlink.net: "RE: [fw-wiz] Source of T/TCP traffic"

    Relevant Pages

    • Re: Google momentarily misuse corrected
      ... Graeme Thomas wrote: ... Most servers don't (unless for political reasons they have to run ... Video was just an example. ... Their setup then consisted primarily of standard PC ...
      (alt.usage.english)
    • Re: whats the difference in files (and sizes) between project std
      ... >> Hi Sudheer, ... >> using servers, then the Standard version is of little use to you. ... >>>> add-ons that allow use with servers etc., ...
      (microsoft.public.project)
    • Re: Proposed NTP solution for a network
      ... My standard rate is $200+ per hour. ... OTOH 100-1000 us is in fact quite doable using standard NTP. ... Finally I would use the same NTP configuration on every single of the ... remaining servers, syncing to all 6 of the secondary servers. ...
      (comp.protocols.time.ntp)
    • Re: Is it possible to have 2 website front pages on SBS2003?
      ... In my case I have replaced the standard default page ... The site is a seperate IIS ... default site (ie. a name not associated with a host header), ... logon page and "my company's internal website" section. ...
      (microsoft.public.windows.server.sbs)
    • Re: SMS Heirachy
      ... I have also tried rebooting both servers after adding the compter accounts ... > try and setup a standard address when i select the drop down box i dont ... > account is a member of the sms_sitetosite group on SiteB? ... >> A. The address will use the sender, but having a sender is not enough. ...
      (microsoft.public.sms.setup)