Re: q CWR ECE SYN
From: RainbowHat (nHiATlE_at_blSackholeP.mAit.edMu.invalid)
Date: 07/15/03
- Next message: RainbowHat: "Re: Virus designed to take down an Oracle server?"
- Previous message: nobody: "Re: Virus designed to take down an Oracle server?"
- In reply to: Jason: "q CWR ECE SYN"
- Next in thread: Jason: "Re: q CWR ECE SYN"
- Reply: Jason: "Re: q CWR ECE SYN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 15 Jul 2003 19:55:45 +0000 (UTC)
< Jason
>if I telnet that mail server from my Linux box, the packets to that
>server is not SYN, it is CWR ECE SYN. And the remote mail server
>respond with nothing back.
--> Reason
RFC3360 Inappropriate TCP Resets Considered Harmful
3. The Specific Example of ECN
In short, iptables, intermediate gateway or target host drop the
legitimate packets.
--> Troubleshoot
Run `tcpdump` and `hping2` <http://kyuzz.org/antirez/> with SYN|ECE|
CWR TCP flags and traceroute mode.
hping2 -nVTSXYc 32 -p 25 mail.srv.ip.addr
--> Solution
If problem is your own network, re-configure it (Sorry, configuration
is not my business). If not, (e)mail to the owner.
--> Work around (Note: just a work around not a real solution)
echo 0 > /proc/sys/net/ipv4/tcp_ecn
BTW why do you need to send _remote_ mail server (not your ISP?)
_directly_? In most case, spammer is doing (MXware). What's your
purpose?
-- "Be liberal in what you accept, and conservative in what you send." "adaptability to change must be designed into all levels of Internet host software" from RFC3360. Hope This Informative, RainbowHat. ----+----1----+----2----+----3----+----4----+----5----+----6----+----7
- Next message: RainbowHat: "Re: Virus designed to take down an Oracle server?"
- Previous message: nobody: "Re: Virus designed to take down an Oracle server?"
- In reply to: Jason: "q CWR ECE SYN"
- Next in thread: Jason: "Re: q CWR ECE SYN"
- Reply: Jason: "Re: q CWR ECE SYN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
