Firewall Wizards mailing list archives

Re: Random and strange RST,ACKs


From: "Eduardo Tongson" <propolice () gmail com>
Date: Mon, 5 Mar 2007 00:59:37 +0800

Yup, there is a firewall. But the connection is not idle. Those RST,ACKs
appear during the session.

On 3/2/07, Phil Hunter <1860ph () gmail com> wrote:
Eduardo Tongson wrote:
---------- Forwarded message ----------
From: Eduardo Tongson <propolice () gmail com>
Date: Feb 28, 2007 6:07 PM
Subject: Random and strange RST,ACKs
To: pf () benzedrine cx

Hi folks,
I have this peculiar problem where the client over HTTP is having
intermittent resets and timeouts. Doing a dump on the session I see
strange and random RST,ACKs. Here is a snip:

No.     Time        Source       Destination    Protocol Info
     54 15.291306   CLIENT       SERVER         TCP      4813 > 88 [ACK] Seq=2857 Ack=7738 Win=64512 Len=0
     55 15.303536   CLIENT       SERVER         TCP      4813 > 88 [ACK] Seq=2857 Ack=9040 Win=64512 Len=0
     56 15.393751   CLIENT       SERVER         KRB5     Continuation[Unreassembled Packet]
     57 15.394190   SERVER       CLIENT         KRB5     Continuation[Unreassembled Packet]
     58 15.482484   CLIENT       SERVER         TCP      4814 > 88 [ACK] Seq=2117 Ack=8350 Win=64042 Len=0
     59 15.583039   CLIENT       SERVER         TCP      4813 > 88 [ACK] Seq=3337 Ack=9275 Win=64277 Len=0
     60 17.114978   CLIENT       SERVER         KRB5     Continuation[Unreassembled Packet]
     61 17.116075   CLIENT       SERVER         TCP      4814 > 88 [RST, ACK] Seq=2446 Ack=8350 Win=0 Len=0
     62 17.116481   SERVER       CLIENT         KRB5     Continuation[Unreassembled Packet]
     63 17.116585   SERVER       CLIENT         KRB5     Continuation[Unreassembled Packet]
     64 17.116694   SERVER       CLIENT         KRB5     Continuation[Unreassembled Packet]
     65 17.116703   SERVER       CLIENT         TCP      [TCP segment of a reassembled PDU]
     66 17.214855   CLIENT       SERVER         TCP      4815 > 88 [SYN] Seq=0 Len=0 MSS=1260
     67 17.215060   SERVER       CLIENT         TCP      88 > 4815 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460

On 61 there is that sudden RST,ACK.

What might cause this?
By a long shot, could it be a RST attack like the one described in
"Slipping the Window"?

TIA
- ed
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


Is there a firewall between these? If so, it will reset the connection
every two hours if not used.

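One way to check the idle-timeout suggestion against the capture in this thread (an added example, not part of the original messages): the script unwraps frames 58-61 as posted, then reports for each RST how long that flow had been quiet and how far its sequence number moved. The function names are made up for the illustration, and rows that carry no ports (the KRB5 summaries) cannot be assigned to a flow and are skipped.

```python
import re

# Frames 58-61 copied from the capture in the post, wrapped as in the mail.
CAPTURE = """\
     58 15.482484   CLIENT       SERVER         TCP      4814 > 88
[ACK] Seq=2117 Ack=8350 Win=64042 Len=0
     59 15.583039   CLIENT       SERVER         TCP      4813 > 88
[ACK] Seq=3337 Ack=9275 Win=64277 Len=0
     60 17.114978   CLIENT       SERVER         KRB5
Continuation[Unreassembled Packet]
     61 17.116075   CLIENT       SERVER         TCP      4814 > 88
[RST, ACK] Seq=2446 Ack=8350 Win=0 Len=0
"""

FRAME_START = re.compile(r"^\s*(\d+)\s+(\d+\.\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")
TCP_INFO = re.compile(r"(\d+) > (\d+)\s+\[([^\]]+)\]\s+Seq=(\d+)")

def unwrap(text):
    """Join mail-wrapped continuation lines back onto their frame line."""
    records = []
    for line in text.splitlines():
        if FRAME_START.match(line):
            records.append(line.strip())
        elif line.strip() and records:
            records[-1] += " " + line.strip()
    return records

def rst_report(text):
    """For each RST, report the flow's idle time and sequence-number advance."""
    last = {}  # (src, sport, dst, dport) -> (time, seq) of the previous segment
    findings = []
    for rec in unwrap(text):
        no, ts, src, dst, _proto, info = FRAME_START.match(rec).groups()
        m = TCP_INFO.search(info)
        if not m:
            continue  # no ports/Seq in the summary, cannot attribute to a flow
        sport, dport, flags, seq = m.groups()
        flow = (src, sport, dst, dport)
        if "RST" in flags and flow in last:
            prev_ts, prev_seq = last[flow]
            findings.append({"frame": int(no), "flow": flow,
                             "idle_s": round(float(ts) - prev_ts, 6),
                             "seq_advance": int(seq) - prev_seq})
        last[flow] = (float(ts), int(seq))
    return findings

if __name__ == "__main__":
    for finding in rst_report(CAPTURE):
        print(finding)
```

On the posted frames it reports frame 61 on port 4814 about 1.6 seconds after that flow's previous segment, with Seq advanced by 329, so the quiet period is nowhere near a two-hour timeout.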

