In-Reply-To: <20020208150434.3358.qmail@mail.securityfocus.com> Half close issue fixed in: 8.3.24.5, 9.0.41.5, 10.0.25.1, which should appear on the Nortel Support website shortly. Fix pending for next build of 8.0 and 8.1 (8.0.63.5, 8.1.34.5). No fix planned for older versions. Description: CR Q00229759 Prevent RIP leak when half bound session receives a FIN (half closed)from client. Accomplished by ignoring first FIN, and setting a flag. If binding fails, on retransmitted FIN, session will be fastaged. (If binding succeeds, retransmitted FIN is sent to real server and handled correctly.) There is a secondary problem which can occur when the server's FIN is not acknowledged in a timely manner by the client. This results in the session (translation information) being removed while the server is still retrying the FIN. The workaround for this is to raise the fast aging time to allow for the retransmissions using the /cfg/slb/adv/fastage parameter (recommended value=2), but we plan on issuing a more comprehensive fix within a month. --------------------------------------------- Nortel Networks: Intelligent Edge / Alteon Mike Rogers, Director, Customer Engineering Phone: +1 603-661-9091 (HQ VM +1-408-360-5631) ---------------------------------------------
