On Wed, 4 May 2011, Oren Held wrote:
> Hi,
>
> The new interesting piece of information regarding the problem I
> (and others) reported here on February, is that it's reproducible
> on some Cisco-firewalled networks. I concluded that because
> that's what my workplace is using, and also seen this report on
> https://www.nowhere.dk/articles/natty-narwhal-problems-connecting-to-s
> ervers-behind-cisco-firewalls-using-ssh
>
> I've also summarized all information known
> to me so far, from multiple sources:
> http://www.held.org.il/blog/2011/05/the-myterious-case-of-broken-ssh-c
> lient-connection-reset-by-peer/
>
> Note that now that Ubuntu 11.04 is out, more people are upgrading to
> 5.8p1 and are about to be exposed to this problem.
>
> Maybe it's just a Cisco bug and there's nothing to change in
OpenSSH,
> and still we should remember that the problem is triggered only from
> 5.7p1.
If you are able to reproduce it in your environment, e.g. with the
Ciphers comma hack then you can exhonerate (or otherwise) OpenSSH
by tcpdumping the session at both the client and the server and
seeing who actually closes the connection.
If a middlebox is screwing up DPI, then you would expect to see a RST
appear at the client that was not sent by the server.
-d