From owner-freebsd-questions Thu Mar 20 17:15:30 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 53AD937B401 for ; Thu, 20 Mar 2003 17:15:29 -0800 (PST) Received: from jfitz.com (adsl-63-194-217-126.dsl.snfc21.pacbell.net [63.194.217.126]) by mx1.FreeBSD.org (Postfix) with SMTP id A811943F85 for ; Thu, 20 Mar 2003 17:15:28 -0800 (PST) (envelope-from fitz@jfitz.com) Received: (qmail 21072 invoked from network); 21 Mar 2003 01:15:28 -0000 Received: from localhost.jfitz.com (HELO fitzlt.jfitz.com) (127.0.0.1) by localhost.jfitz.com with SMTP; 21 Mar 2003 01:15:27 -0000 Content-Type: text/plain; charset="iso-8859-1" From: John Fitzgibbon To: Giorgos Keramidas Subject: Re: Repeated ACKs - possible DoS? Date: Thu, 20 Mar 2003 17:15:32 -0800 User-Agent: KMail/1.4.3 Cc: freebsd-questions@FreeBSD.org References: <200303201408.53238.fitz@jfitz.com> <20030321004312.GA1964@gothmog.gr> In-Reply-To: <20030321004312.GA1964@gothmog.gr> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <200303201715.32293.fitz@jfitz.com> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thursday 20 March 2003 04:43 pm, Giorgos Keramidas wrote: > > X is remote. Y is server, (FreeBSD 4.7-STABLE, built 2003/01/06) > > > > tcpdump shows 2 remote connections repeatedly sending "ack 1": > > > > 09:16:10.236812 X.64670 > Y.http: . ack 1 win 32589 > > 09:16:10.236879 Y.http > X.64670: . ack 489 win 58400 (DF) > > Hmmm, is this repeatable? Can you try to grab the output of the > following command in a log file while it happens? > > # tcpdump -n -v -s 128 -XX port 80 > > - Giorgos I haven't seen this behavior before, and I don't know how to recreate it :( To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message