[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Fwd: Re: port 80 filtered

I'm not sure if this applies to you but check this on slashdot:


Especially this comment:


I'm not sure how widespread it is, but I observed that the way @home blocks
connections to port 80 in my area (western Milwaukee suburbs) is by setting
extra flags on all SYN packets headed to port 80. IIRC, these packets look
like elements of an XMAS scan under tcpdump - many extra flags, such as ACK,
FIN, and URG, are set and the packets are discarded as invalid by the stock
kernel (and rightly so).

What I did to counter this was to make a very quick and dirty patch to my
kernel, which accepted these malformed packets as normal SYN requests. The
result? Web services were back to normal and Apache is chugging away as we
speak. I've been doing this since the ban and have had no problems at all.

Might be something to try...


and this one:

 had the same experience; this works in New Brunswick too. Here is the patch
I made:

--- tcp_input.c Sun Dec 10 18:49:44 2000
+++ /tmp/tcp_input.c    Mon Sep 3 12:23:45 2001
@@ -2074,7 +2074,7 @@
                /* These use the socket TOS..
                 * might want to be the received TOS
-               if(th->ack)
+               if(th->ack && !(th->source == 80 && th->fin))
                        return 1;

                if(th->syn) {




Reply to: