[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

TCP windows shrinking



This was logged by one of my servers the other day (potato, upgraded
with the necessary packages to run kernel 2.4.2):

Mar 31 08:40:48 debian kernel: TCP: peer xxx.xx.xx.xx:41760/20 shrinks
window 3735214707:8280:3735227987. Bad, what else can I say?

The IP address, obviously, has been replaced with x's here.  I haven't
ever seen the message before.  I have heard of some vulnerabilities in
various firewall code that allows bogus IP header 'offset' fields to be
used to avoid firewall packet matching rules.  Might this be an attempt
at something like that?  Might this merely have been a packet that got
horribly mangled somewhere on the internet, completely unintentionally?

Any thoughts?

Thanks.
noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 

Attachment: pgpQApW9LEMfr.pgp
Description: PGP signature


Reply to: