[ale] Iptables: Packets from port 80 to unestablished ports
Dow Hurst
dhurst at kennesaw.edu
Wed Jul 30 10:32:11 EDT 2003
So to clarify this:
Are you saying that these web servers are sending ACKs to unrelated high
port numbers to accelerate the response of the client? Sending the ACK
to a different port number than the port that would be appropriate is a
violation of the normal TCP protocol as y'all have stated. So it looks
like an attack/probe to the firewall.
Dow
Jonathan Rickman wrote:
>On Tuesday 29 July 2003 21:56, Transam wrote:
>
>
>
>>If it's Winbloz IIS, it may be violating the TCP protocol in such a way
>>that response time to a IE client is faster than not violating the TCP
>>protocol but sending to anyone else that follows the protocol is slower.
>>Also, some firewalls get upset.
>>
>>
>
>Roxen exhibits this behavior as well. Some of the older load balancing
>appliances tend to break things too.
>
>
>
--
__________________________________________________________
Dow Hurst Office: 770-499-3428
Systems Support Specialist Fax: 770-423-6744
1000 Chastain Rd. Bldg. 12
Chemistry Department SC428 Email: dhurst at kennesaw.edu
Kennesaw State University Dow.Hurst at mindspring.com
Kennesaw, GA 30144
*****************************************************************
This message (including any attachments) contains confidential *
information intended for a specific individual and purpose, *
and is protected by law. If you are not the intended recipient,*
you should delete this message and are hereby notified that *
any disclosure, copying, or distribution of this message, or *
the taking of any action based on it, is strictly prohibited. *
*****************************************************************
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list