Re: lots of ACK/FIN filtering (DPT=80) at web server.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2003-05-29 at 11:17, SB CH wrote:
> Thanks for your kind reply.
> 
> >Those are 'broken' browsers that do not follow the http standard
> >properly.
> which browers? Netscape or Opera? mostly use MSIE, right?
> 
Just IE I think ...

> 
> >Stop using non-standards complient browsers. Sometimes changes to
> >standards are not 'enhancements'.
> There are so lots of people which use different browser, 
> then you mean that there is not any solution to solve this problem at 
> iptables level?
> 
Sure, just ACCEPT the ACK-FIN packets.

>  
> Thanks for your reply.
> 
> 
> 
> From: Ray Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
> To: Netfilter Mailing List <netfilter@xxxxxxxxxxxxxxxxxxx>
> Subject: Re: lots of ACK/FIN filtering (DPT=80) at web server.
> Date: 29 May 2003 07:25:38 +0200
> 
> Hi there
> 
> On Wed, 2003-05-28 at 10:46, SB CH wrote:
>  > Hello, all.
>  >
>  > I have operated linux web server and executed iptables 1.2.8.
>  >
>  > and I have found so lots of logs like this ACK,FIN filtering.
>  > Surely, ACK-FIN is a connection closing step, so there is no problem for
>  > customers but I would like to know why this happens!!
>  > I guess that the timeout of the connection tracking related.
>  >
> Those are 'broken' browsers that do not follow the http standard
> properly.
>  >
>  > May 25 12:33:05 www kernel: IN=eth0 OUT= SRC=210.126.xxx.xx
>  > DST=211.10.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=118 ID=3376 DF PROTO=TCP
>  > SPT=3608 DPT=80 WINDOW=63520 RES=0x00 ACK FIN URGP=0
>  >
>  > Do you have any problems like me?
> Yes
> 
>  > and what's the problem and how can I solve this problem?
>  >
> Stop using non-standards complient browsers. Sometimes changes to
> standards are not 'enhancements'.
> 
>  >
>  > Thanks in advance for your kind opinios!!
>  >
>  > _________________________________________________________________
>  > ??ì?¸??ì??. ?¤ë?????´ì?¸ 무ë£? ?¬ì£¼, ê¶?í?©, ??ëª?, ??ì?? ê°??´ë??
>  > http://www.msn.co.kr/fortune/default.asp
> --
> --
> Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
> Network Support Specialist
> http://www.knowledgefactory.co.za
> "lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
> Key fingerprint = 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
> --
> << signature.asc >>
> 
> _________________________________________________________________
> Áõ±Ç Á¤º¸ °¡Àå ºü¸£°í ÆíÇÏ°Ô º¸½Ç ¼ö ÀÖ½À´Ï´Ù. MSN Áõ±Ç/ÅõÀÚ   
> http://www.msn.co.kr/stock/  
-- 
--
Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
--

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux