Firewall Wizards mailing list archives

RE: fragmented packet from res6.geocities.com?


From: Karl Greenwood <Karl () pt-services co uk>
Date: Wed, 10 May 2000 12:46:32 +0100


Does the following connection attempt sound familiar to anyone:

Apr 20 14:47:57 fw /kernel: ipfw: 9100 Deny TCP 209.1.224.16 12.38.161.54 in via fxp0 Fragment = 147
Apr 20 14:48:21 fw last message repeated 9 times
Apr 20 14:50:26 fw last message repeated 33 times
Apr 20 14:55:40 fw last message repeated 11 times


solved at last:

Date: Tue, 09 May 2000 08:21:49 -0700
From: Deborah Barba <dbarba () yahoo-inc com>
To: karl () pt-services co uk, dbarba <dbarba () yahoo-inc com>
Subject: Yahoo! bug

It appears that you have gotten the subject right in the email.  This is
a known bug that we are working on at the Yahoo GeoCities property. 

We have a piece of software that, when someone visits a GeoCities.com
page, sends out a fragmented IP to verify that the originator of the
request is valid.  We are working with the vendor to remove that check,
but it appears that there have been some parts of the code that were not
cleared out.  The IP that the packets are coming from, res6, is a
virtual ip, and does not have a real interface on any machine.

I will go back to the vendor with your complaint.  Let's hope they can
find that errant code.

Thank you, and if you have any questions, don't hesitate to ask.
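
Added example, not part of the original post or of ipfw: syslog collapses identical entries into "last message repeated N times", so the single Deny line quoted above hides the real packet count. This Python code tallies denied fragments per source, destination and rule while expanding those repeat lines; the sample input is constructed from the log lines in the post, all names are this example's own, and it assumes a log from a single host.

```python
import re
from collections import Counter

# Constructed sample: the log lines quoted in the post, wrapped entry joined.
SAMPLE_LOG = """\
Apr 20 14:47:57 fw /kernel: ipfw: 9100 Deny TCP 209.1.224.16 12.38.161.54 in via fxp0 Fragment = 147
Apr 20 14:48:21 fw last message repeated 9 times
Apr 20 14:50:26 fw last message repeated 33 times
Apr 20 14:55:40 fw last message repeated 11 times
"""

# ipfw log entry; the Fragment field is optional so other entries still parse.
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\S+) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)"
    r"(?: Fragment = (?P<frag>\d+))?"
)
REPEAT_RE = re.compile(r"last message repeated (\d+) times?")


def tally_denied_fragments(log_text):
    """Return Counter {(src, dst, rule): packets} for denied fragment entries,
    expanding syslog 'last message repeated N times' lines."""
    counts = Counter()
    last_key = None  # key of the preceding entry if it was a denied fragment
    for line in log_text.splitlines():
        entry = IPFW_RE.search(line)
        if entry:
            if entry["action"] == "Deny" and entry["frag"] is not None:
                last_key = (entry["src"], entry["dst"], int(entry["rule"]))
                counts[last_key] += 1
            else:
                last_key = None
            continue
        repeat = REPEAT_RE.search(line)
        if repeat and last_key is not None:
            counts[last_key] += int(repeat.group(1))
        elif not repeat:
            last_key = None  # an unrelated message ends the repeat chain
    return counts


if __name__ == "__main__":
    for (src, dst, rule), n in tally_denied_fragments(SAMPLE_LOG).items():
        print(f"rule {rule}: {n} denied fragments {src} -> {dst}")
```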



