> I've been seeing some systems that stop serving pages, and I also see > the Linux "Treason Uncloaked!" kernel messages that indicate a remote > system reduced its rcv win from 1 to 0... is there a non-malicious > explanation for this, aside from a remote host running out of socket > buffers? Seems to happen too often for that to be the case, and > my googling has shown that it may be outside of spec. Certainly > the warning is clear enough... I've seen this, quite a bit, on some heavy traffic web clusters. Some impolite web browsers will shrink the TCP window to kill the socket connection instead of a proper fin/reset. - billn
- TCP receive window set to 0; DoS or not? Travis Hassloch
- Re: TCP receive window set to 0; DoS or not? billn
- Re: TCP receive window set to 0; DoS or not... Richard A Steenbergen
- Re: TCP receive window set to 0; DoS or... billn
- Re: TCP receive window set to 0; DoS or... Steven M. Bellovin
- Re: TCP receive window set to 0; DoS or... Jim Shankland
- Re: TCP receive window set to 0; Do... Richard A Steenbergen
- Re: TCP receive window set to 0; Do... Travis Hassloch
- Re: TCP receive window set to ... Jim Shankland
- Re: TCP receive window set to 0; DoS or not? billn
- Re: TCP receive window set to 0; DoS or not... Christopher L. Morrow
- Re: TCP receive window set to 0; DoS or... David E. Smith
