[eug-lug]weird tcp issue

[Larry Price]

so I discovered that something somewhat strange is going on with ssh on 
my laptop

here's a sanitised packet trace.

21:14:29.395457 192.168.0.191.52903 > randomhost.communitycolo.net.ssh: 
. [bad \
tcp cksum d0cc!] 96:96(0) ack 5121 win 33304 <nop,nop,timestamp 
4180891041 9555\
9903> (DF) [tos 0x10]  (ttl 64, id 57293, len 52)
21:14:30.395772 192.168.0.191.52903 > randomhost.communitycolo.net.ssh: 
. [bad \
tcp cksum cff5!] 96:96(0) ack 5233 win 33304 <nop,nop,timestamp 
4180891043 9556\
0004> (DF) [tos 0x10]  (ttl 64, id 57294, len 52)
21:14:31.396005 192.168.0.191.52903 > randomhost.communitycolo.net.ssh: 
. [bad \
tcp cksum cf1e!] 96:96(0) ack 5345 win 33304 <nop,nop,timestamp 
4180891045 9556\
0105> (DF) [tos 0x10]  (ttl 64, id 57295, len 52)
21:14:32.396254 192.168.0.191.52903 > randomhost.communitycolo.net.ssh: 
. [bad \
tcp cksum ce47!] 96:96(0) ack 5457 win 33304 <nop,nop,timestamp 
4180891047 9556\
0206> (DF) [tos 0x10]  (ttl 64, id 57296, len 52)
21:14:33.396490 192.168.0.191.52903 > randomhost.communitycolo.net.ssh: 
. [bad \
tcp cksum cd70!] 96:96(0) ack 5569 win 33304 <nop,nop,timestamp 
4180891049 9556\
0307> (DF) [tos 0x10]  (ttl 64, id 57297, len 52)
21:14:34.396742 192.168.0.191.52903 > randomhost.communitycolo.net.ssh: 
. [bad \
tcp cksum cbc9!] 96:96(0) ack 5889 win 33304 <nop,nop,timestamp 
4180891051 9556\
0408> (DF) [tos 0x10]  (ttl 64, id 57298, len 52)

note the [bad tcp cksum xxxx!]

it seems to be interfering with connections,
any one have any idea what would be causing this?
192.168.0.191 is the ibook (Mac OS 10.2.8) and it seems like only ssh 
response packets are borked, as other types of traffic will show up 
fine with cksum ok.

Paranoia (is this a trojaned ssh signature? ) most of the hits turned 
up by google were about IDS (bad checksums from crafted packets.)

???

--
Metaphors for system administration 
-----------------------------------------------
bailing the titanic with paper cups:     or polishing the deck chairs 
thereof
steering an iceberg with a broom:         nonexciting challenges await 
you
capturing runaway bulldozers:        once is chance, twice coincidence, 
...

_______________________________________________
EuG-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug