On 12/18/2007 02:29:38 AM, Henrik Johansen wrote:
[Karl O. Pinc] wrote:
I'll need to examine my traffic to see whether
I need to mess with tcp.closed, interval, or tcp.finwait.
(I know in one case it's RST packets that are the trouble
so tcp.closed/interval would do the trick for that.)
Wha
[Karl O. Pinc] wrote:
[...]
AFAIK, when a client violates the 2MSL rule should I not see the
initial
SYN blocked by PF (since it would create a state mismatch, hence a BAD
state log entry) ?
Yes. (I'm not clear about what I'm looking at when I look at
bad state log entries. I couldn't fin
On 12/17/2007 03:32:39 AM, Henrik Johansen wrote:
[Karl O. Pinc] wrote:
On 12/14/2007 02:17:22 AM, Henrik Johansen wrote:
Hi list,
We are experiencing a steady flow of BAD state error messages that
I cannot explain.
I continue to have problems with (Microsoft) hosts that
violate the 2MS
On Mon, Dec 17, 2007 at 03:52:00PM +0100, Henrik Johansen wrote:
> You can find the requested dump here:
> http://blog.myunix.dk/pf/tcpdump.sanitized
>
> The corresponding BAD state error is here:
> http://blog.myunix.dk/pf/messages_tcpdump.sanitized
There is nothing obviously wrong with the dum
[Daniel Hartmeier] wrote:
[...]
Try to capture a single TCP connection (with tcpdump on all relevant
interfaces of the pf box) from handshake to the point where the BAD
state message occurs (include the BAD state message, too).
You can find the requested dump here:
http://blog.myunix.dk/pf/tc
[Daniel Hartmeier] wrote:
Most of your BAD state messages are of the form
pf: BAD state: TCP X.X.129.45:80 X.X.129.45:80 X.X.246.205:1771
[lo=4006379205 high=4006444151 win=17424 modulator=0]
[lo=2523483440 high=2523483440 win=65535 modulator=0] 4:4 A
seq=2523483440 (2523483440) ack=40
Most of your BAD state messages are of the form
pf: BAD state: TCP X.X.129.45:80 X.X.129.45:80 X.X.246.205:1771
[lo=4006379205 high=4006444151 win=17424 modulator=0]
[lo=2523483440 high=2523483440 win=65535 modulator=0] 4:4 A
seq=2523483440 (2523483440) ack=4006379205 len=1452 ackske
[Karl O. Pinc] wrote:
On 12/14/2007 02:17:22 AM, Henrik Johansen wrote:
Hi list,
We are experiencing a steady flow of BAD state error messages that I
cannot explain.
I continue to have problems with (Microsoft) hosts that
violate the 2MSL TCP rule (STD7, RFC793, page 27
"Knowing When to Ke
On 12/14/2007 02:17:22 AM, Henrik Johansen wrote:
Hi list,
We are experiencing a steady flow of BAD state error messages that I
cannot explain.
I continue to have problems with (Microsoft) hosts that
violate the 2MSL TCP rule (STD7, RFC793, page 27
"Knowing When to Keep Quiet"). I strongly
Hi list,
We are experiencing a steady flow of BAD state error messages that I
cannot explain.
According to google, incorrect state keeping should be the prime suspect
of BAD state errors so I have checked our current ruleset a couple of
times to make sure that we do keep state on every pass ru
10 matches
Mail list logo