Re: TCP receive window set to 0; DoS or not?

2006-09-26 Thread Fernando Gont
At 21:55 08/09/2006, Jim Shankland wrote: Travis Hassloch <[EMAIL PROTECTED]> writes: > The part where it becomes a DoS is when they tie up all the listeners > on a socket (e.g. apache), and nothing happens for several minutes until > their connections time out. Whether intentional or not, it

Re: TCP receive window set to 0; DoS or not?

2006-09-08 Thread Jim Shankland
Travis Hassloch <[EMAIL PROTECTED]> writes: > The part where it becomes a DoS is when they tie up all the listeners > on a socket (e.g. apache), and nothing happens for several minutes until > their connections time out. Whether intentional or not, it does have > a negative effect. Ah, that make

Re: TCP receive window set to 0; DoS or not?

2006-09-08 Thread Travis Hassloch
Jim Shankland wrote: > To address the "DoS" question, I don't see how this protocol violation > enables a DoS attack. More likely, it's simply somebody's buggy > TCP stack misbehaving. That "somebody" is unlikely to be Windows, MacOS, > FreeBSD, or

Re: TCP receive window set to 0; DoS or not?

2006-09-08 Thread Robert E . Seastrom
[EMAIL PROTECTED] writes: > On Thu, 7 Sep 2006, Joshua Brewer wrote: > >> What about when we're seeing this on port 25? > > Sand worms. > > In all seriousness, your guess is as good as mine, at that point. If > memory serves, the platforms we saw this on most, with web browsers, were > mobile

Re: TCP receive window set to 0; DoS or not?

2006-09-07 Thread Richard A Steenbergen
On Thu, Sep 07, 2006 at 11:28:47PM -0700, Jim Shankland wrote: > > Richard A Steenbergen <[EMAIL PROTECTED]> writes: > > Advertising a window of 0 is a perfectly valid way of telling the other > > side that you are temporarily out of resources, and would like them to > > stop sending you data

Re: TCP receive window set to 0; DoS or not?

2006-09-07 Thread Jim Shankland
Richard A Steenbergen <[EMAIL PROTECTED]> writes: > Advertising a window of 0 is a perfectly valid way of telling the other > side that you are temporarily out of resources, and would like them to > stop sending you data Except that that's not what's going on here. This message appears when

Re: TCP receive window set to 0; DoS or not?

2006-09-07 Thread David E. Smith
Christopher L. Morrow wrote: > I see this on web, ftp, rsync as well... so perhaps it's just impolite > people? :) Who knows. My DNS servers get a few of those per day. David Smith MVN.net

Re: TCP receive window set to 0; DoS or not?

2006-09-07 Thread Steven M. Bellovin
On Thu, 7 Sep 2006 19:24:02 -0400, Richard A Steenbergen <[EMAIL PROTECTED]> wrote: > Advertising a window of 0 is a perfectly valid way of telling the other > side that you are temporarily out of resources, and would like them to > stop sending you data. This can be caused by any number of th

Re: TCP receive window set to 0; DoS or not?

2006-09-07 Thread Christopher L. Morrow
On Thu, 7 Sep 2006 [EMAIL PROTECTED] wrote: > > On Thu, 7 Sep 2006, Joshua Brewer wrote: > > > What about when we're seeing this on port 25? > > Sand worms. > > In all seriousness, your guess is as good as mine, at that point. If > memory serves, the platforms we saw this on most, with web brows

Re: TCP receive window set to 0; DoS or not?

2006-09-07 Thread billn
On Thu, 7 Sep 2006, Richard A Steenbergen wrote: > Advertising a window of 0 is a perfectly valid way of telling the other > side that you are temporarily out of resources, and would like them to > stop sending you data. This can be caused by any number of things, from a This makes sense whe

Re: TCP receive window set to 0; DoS or not?

2006-09-07 Thread Richard A Steenbergen
On Thu, Sep 07, 2006 at 03:04:58PM -0700, [EMAIL PROTECTED] wrote: > > > I've been seeing some systems that stop serving pages, and I also see > > the Linux "Treason Uncloaked!" kernel messages that indicate a remote > > system reduced its rcv win from 1 to 0... is there a non-malicious > > expla

Re: TCP receive window set to 0; DoS or not?

2006-09-07 Thread billn
On Thu, 7 Sep 2006, Joshua Brewer wrote: > What about when we're seeing this on port 25? Sand worms. In all seriousness, your guess is as good as mine, at that point. If memory serves, the platforms we saw this on most, with web browsers, were mobile devices. What kind of volume are you seein

Re: TCP receive window set to 0; DoS or not?

2006-09-07 Thread billn
> I've been seeing some systems that stop serving pages, and I also see > the Linux "Treason Uncloaked!" kernel messages that indicate a remote > system reduced its rcv win from 1 to 0... is there a non-malicious > explanation for this, aside from a remote host running out of socket > buffers?

TCP receive window set to 0; DoS or not?

2006-09-07 Thread Travis Hassloch
New listener, first-time caller. I've been seeing some systems that stop serving pages, and I also see the Linux "Treason Uncloaked!" kernel messages that indicate a remote system reduced its rcv win from 1 to 0... is there a non-malicious explanatio