Re: q CWR ECE SYN

From: RainbowHat (nHiATlE_at_blSackholeP.mAit.edMu.invalid)
Date: 07/15/03


Date: Tue, 15 Jul 2003 19:55:45 +0000 (UTC)


< Jason

>if I telnet that mail server from my Linux box, the packets to that
>server is not SYN, it is CWR ECE SYN. And the remote mail server
>respond with nothing back.

--> Reason
RFC3360 Inappropriate TCP Resets Considered Harmful
3. The Specific Example of ECN
In short, iptables, intermediate gateway or target host drop the
legitimate packets.

--> Troubleshoot
Run `tcpdump` and `hping2` <http://kyuzz.org/antirez/> with SYN|ECE|
CWR TCP flags and traceroute mode.

hping2 -nVTSXYc 32 -p 25 mail.srv.ip.addr

--> Solution
If problem is your own network, re-configure it (Sorry, configuration
is not my business). If not, (e)mail to the owner.

--> Work around (Note: just a work around not a real solution)

echo 0 > /proc/sys/net/ipv4/tcp_ecn

BTW why do you need to send _remote_ mail server (not your ISP?)
_directly_? In most case, spammer is doing (MXware). What's your
purpose?

-- 
"Be liberal in what you accept, and conservative in what you send."
"adaptability to change must be designed into all levels of Internet 
host software" from RFC3360. Hope This Informative, RainbowHat.
----+----1----+----2----+----3----+----4----+----5----+----6----+----7