Displaying 20 results from an estimated 4000 matches similar to: "Re: Expected handling of [SYN] when expecting[SYN, ACK]?"
2007 Mar 23
1
Expected handling of [SYN] when expecting [SYN, ACK]?
Hi,
I've been developing a peer-to-peer application, and have recently been
trying to add STUNT
(http://www.cis.nctu.edu.tw/~gis87577/xDreaming/XSTUNT/Docs/XSTUNT%20Reference.htm)
to allow firewall/NAT traversal. I got a box with Shorewall
to use for testing, and am now trying to work out whether Shorewall is
actually designed to prevent such connections? I notice in the FAQs that
2007 Apr 10
2
policy routing with two shorewalls
I have, for the time being, decided to split my dual ISP/single
shorewall connection into two shorewall connections/boxes, each handling
one ISP.
I am running OSPF in the network and so far things are working out
fairly well (from a client of the two gateways).
$ ip route ls
10.33.66.2 via 10.75.22.199 dev eth0 proto zebra metric 20
192.168.200.1 via 10.75.22.254 dev eth0 proto zebra metric
2019 Apr 16
0
No ack packet for tcp SYN with window scale of 64
I have found a very strange problem. We found that the time to establish the websocket connection between the mobile phone and the server was too long. Then I used tcpdump to capture the data and found that the problem may have something to do with the window scale option in the SYN packet. Here is the SYN packet for the websocket connection:
55488 → 443 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64
2005 Feb 02
1
Shorewall 2.0.16
This release back-ports the DROPINVALID shorewall.conf option from 2.2.0.
1) Recent 2.6 kernels include code that evaluates TCP packets based on
TCP Window analysis. This can cause packets that were previously
classified as NEW or ESTABLISHED to be classified as INVALID.
The new kernel code can be disabled by including this command in
your /etc/shorewall/init file:
echo 1
2007 Jan 23
4
Conflict between iptables and previous shorewall installation
Hi,
I have a problem concerning my previous shorewall installation.
I tried to use shorewall to configure my firewall, but I couldn't get
NAT to work. So I decided to remove shorewall and tried it with plain
iptables. This is now working for me but every time I start my
network connection it seems that my handmade iptables rules are
overwritten. I have to manually run my
2006 Jul 21
4
OpenVZ and virtual network
Hello All
I installed shorewall 3.0.8 on CentOS 4.3 with the openvz.org kernel.
It works well.
I have 3 virtual servers (VPS) on this host.
I can access the internet from a VPS, and with a NAT rule (via
Shorewall) I can access the 3 VPS from the Internet.
I want all 3 VPS to be able to communicate with each other.
I can't make a TCP connection from one VPS to another; in my shorewall log
in the
2015 May 22
1
Help please: how are SYN and ACK packets counted by the server (CentOS)
I have a question about the TCP layer of the Linux kernel. I want the SYN and ACK
packets received by the server to be counted.
where total_syn_count and total_ack_count are variables to be defined and
will be increased
Which files should be used?
tcp_input.c, tcp_output.c, tcp_ipv4.c
2004 Dec 11
0
Shorewall 2.2.0 Beta 8
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta8
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta8
Problems Corrected:
1. A typo in the /etc/shorewall/interfaces file has been corrected.
2. Previously, the "add" and "delete" commands were generating
incorrect policy matches when policy match support was
available.
New
2001 Apr 22
0
Prioritizing SYNs and SYN-ACKs with Diffserv
Hi,
I'm interested in prioritizing all packets with the SYN bit on, both with
and without the ACK bit on (but especially the SYN-ACKs).
I am checking is the use of Diffserv. From a paper I read I understood that
when Diffserv is on, all "Control Traffic", including TCP SYN-ACKs, gets by
default into "band 0" of Diffserv, the highest priority out of 16 bands. If
true,
2014 Jan 24
1
Possible SYN flooding on port 8000. Sending cookies
Hi
*Problem* - I'm running Icecast in a VM container on OpenVZ. Syslog on the
hardware node (HN) shows these error messages:
Jan 23 18:43:05 HN kernel: [27469893.430615] possible SYN flooding on port
8000. Sending cookies.
Jan 23 21:37:40 HN kernel: [27480362.817944] possible SYN flooding on port
8000. Sending cookies.
Jan 23 23:43:50 HN kernel: [27487929.582025] possible SYN flooding on
2003 Nov 28
0
For those of you that use syn Text Editor to edit .R files
Hi,
sorry to bother you, and that this is probably not the right list :-),
but I read that some of you might use syn as Editor
for .R files. I've released an unofficial Version of the syn Text Editor
with improved support for R (I'm the initial developer of this program,
btw.). syn is a Windows 32 Program (Win9x, NT4, 2000), but maybe it runs
also inside Wine, I didn't try it.
2005 Mar 23
1
syn flood protection - inside initiated attacks
Perhaps someone will help me on this :-
I have read a lot of examples of syn flood protect on the INPUT chain.
That I have no question at all.
I wonder if it makes sense to perform syn flood protection
at the FORWARD chain? If packets are originated from a
LAN worm, and are not targeted at the firewall itself, but
rather at hosts on the internet, will it cause problems with
the firewall itself,
2006 Jul 21
6
Quick Question on [UNREPLIED] in the state tables
I have a situation where some Poptop/PPTP sessions (only with FC5/Shorewall to FC5/Shorewall firewall in between) cause the following to appear in the state table (shorewall show connections).
unknown 47 420 src=XX.234.79.183 dst=XX.234.137.226 packets=2 bytes=130 [UNREPLIED] src=XX.234.137.226 dst=XX.234.79.183 packets=0 bytes=0 mark=0 use=1
1997 Feb 28
0
forwarded from BoS: Linux anti-SYN flooding patch
I have just finished a patch to linux 2.0.29 that provides
the SYN cookies protection against SYN flood attacks.
You can grab it from my home page at:
http://www.dna.lth.se/~erics/software/tcp-syncookies-patch-1.gz
You can also follow the pointers from my home page (see the signature)
to get a very short blurb about this patch.
Quick synopsis: This implements the SYN cookie defense
against SYN
2018 Jul 20
0
database node / possible SYN flooding on port 3306
On 07/20/2018 03:56 AM, Leon Fauster via CentOS wrote:
> Hi folks,
>
> I have here a database node running
>
> # rpm -qa | grep mysql-server
> mysql55-mysql-server-5.5.52-1.el6.x86_64
>
> on
>
> # virt-what
> vmware
>
>
> that seems to have a connection problem:
>
> # dmesg |grep SYN |tail -5
> possible SYN flooding on port 3306. Sending cookies.
2006 Nov 16
2
Connlimit in Shorewall?
Hi everyone,
I see that shorewall has "ratelimit" but I'm interested in denying
connections by number of them, not by number/sec.
Is the connlimit feature supported by shorewall? Or maybe someone has an
extraofficial patch for it?
Regards,
Angel Mieres
2011 May 25
1
kernel: possible SYN flooding on port 655. Sending cookies.
On a Linux Server running tincd I noticed the following log message in
/var/log/messages
kernel: possible SYN flooding on port 655. Sending cookies.
I found this on the web:
If SYN cookies are enabled, then the kernel doesn't track half open
connections at all. Instead it knows from the sequence number in the
following ACK datagram that the ACK very probably follows a SYN and a
SYN-ACK.
2006 Oct 03
2
Change log path problem
Hello,
I changed the log path in shorewall.conf from LOGFILE=/var/log/messages to LOGFILE=/var/log/shorewall, and then I touched the shorewall file in /var/log, permission root:root 600. After a shorewall restart, no logging messages appear in /var/log/shorewall. So how can I fix this problem?
Thanks !!
2018 Jul 20
2
database node / possible SYN flooding on port 3306
Hi folks,
I have here a database node running
# rpm -qa | grep mysql-server
mysql55-mysql-server-5.5.52-1.el6.x86_64
on
# virt-what
vmware
that seems to have a connection problem:
# dmesg |grep SYN |tail -5
possible SYN flooding on port 3306. Sending cookies.
possible SYN flooding on port 3306. Sending cookies.
possible SYN flooding on port 3306. Sending cookies.
possible SYN flooding on
2006 Jul 20
2
Policy
Hello All, is it good to DROP all packets coming from net to other zones,
like dmz, loc & fw? or should I REJECT
Here is my Policy for packets from net:
net $FW DROP info
net loc DROP info
net dmz DROP info
net all DROP info
all all