False alarms of invalid packets

Hello!

As of kernel 2.6.10 (AFAIK it didn't happen with 2.6.6) I'm frequently noticing valid packets that are matched by

-A FORWARD -i $INET_IF -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-tcp-sequence --log-tcp-options --log-ip-options --log-prefix "ILLEGAL CONNECT "
-A FORWARD -i $INET_IF -p tcp ! --syn -m conntrack --ctstate NEW -j DROP

The log then reports:

ILLEGAL CONNECT IN=eth0 OUT=eth4 SRC=... DST=... LEN=88 TOS=0x00 PREC=0x00 TTL=54 ID=51407 DF PROTO=TCP SPT=59161 DPT=993
SEQ=419025884 ACK=1649134821 WINDOW=65535 RES=0x00 ACK PSH URGP=0 OPT (0101080A8B9F9B5983C5BFAB)

This happens for connections that have been established for a longer time, such as IMAP, HTTP or SSH.

Thanks in advance,
Michael
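An added example (not part of Michael's post, and not netfilter code) showing what such a LOG line actually carries. The rule above fires on any TCP segment that is not a pure SYN but that conntrack has no state entry for: conntrack classifies a packet as NEW whenever it does not match an existing entry, regardless of TCP flags. The decoder below parses the LOG format, decodes the hex TCP options that `--log-tcp-options` emits, and reports the signs that the segment belongs to an already-established stream (ACK set, non-zero TSecr in the timestamp option, a data payload). The sample line is constructed from the one in the post, with placeholder addresses filled in where the post has `SRC=... DST=...`.

```python
"""Decode a netfilter LOG line produced with --log-tcp-sequence/--log-tcp-options."""
import re

# Constructed sample: the line from the post, with documentation-range addresses
# substituted for the elided "SRC=... DST=..." fields.
SAMPLE = (
    "ILLEGAL CONNECT IN=eth0 OUT=eth4 SRC=203.0.113.10 DST=192.0.2.20 LEN=88 "
    "TOS=0x00 PREC=0x00 TTL=54 ID=51407 DF PROTO=TCP SPT=59161 DPT=993 "
    "SEQ=419025884 ACK=1649134821 WINDOW=65535 RES=0x00 ACK PSH URGP=0 "
    "OPT (0101080A8B9F9B5983C5BFAB)"
)

TCP_FLAG_WORDS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
OPT_RE = re.compile(r"OPT \(([0-9A-Fa-f]*)\)")
OPTION_NAMES = {2: "MSS", 3: "WScale", 4: "SACKperm", 5: "SACK", 8: "Timestamp"}


def parse_log_line(line):
    """Split a LOG line into key=value fields, bare TCP flag words, and option bytes.

    The IP-options OPT(...) block sits before PROTO=, the TCP one after URGP=,
    so the line is partitioned at PROTO= to tell them apart.
    """
    ip_part, sep, rest = line.partition(" PROTO=")
    if not sep:
        raise ValueError("no PROTO= field; not a netfilter LOG line")
    tcp_part = "PROTO=" + rest
    fields, flags = {}, set()
    for tok in (ip_part + " " + tcp_part).split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value          # note: "ACK=<n>" is the ack number,
        elif tok in TCP_FLAG_WORDS:      # the bare word "ACK" is the flag
            flags.add(tok)
        elif tok == "DF":
            fields["DF"] = "1"
    ip_m, tcp_m = OPT_RE.search(ip_part), OPT_RE.search(tcp_part)
    fields["FLAGS"] = flags
    fields["IP_OPTS"] = bytes.fromhex(ip_m.group(1)) if ip_m else b""
    fields["TCP_OPTS"] = bytes.fromhex(tcp_m.group(1)) if tcp_m else b""
    return fields


def decode_tcp_options(opts):
    """Walk the TCP option TLVs (kind, length, data) and return (name, value) pairs."""
    out, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                    # End of option list
            out.append(("EOL", None))
            break
        if kind == 1:                    # No-operation padding
            out.append(("NOP", None))
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option kind %d has no length byte" % kind)
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("truncated or malformed option kind %d" % kind)
        data = opts[i + 2:i + length]
        if kind == 8 and length == 10:   # Timestamp: TSval, TSecr (RFC 7323)
            out.append(("Timestamp", (int.from_bytes(data[:4], "big"),
                                      int.from_bytes(data[4:], "big"))))
        elif kind == 2 and length == 4:
            out.append(("MSS", int.from_bytes(data, "big")))
        elif kind == 3 and length == 3:
            out.append(("WScale", data[0]))
        else:
            out.append((OPTION_NAMES.get(kind, "kind%d" % kind), data.hex()))
        i += length
    return out


def summarize(line):
    """Say whether the '! --syn' rule would match and whether the segment looks mid-stream."""
    f = parse_log_line(line)
    flags = f["FLAGS"]
    opts = decode_tcp_options(f["TCP_OPTS"])
    # iptables --syn means SYN set with ACK, RST and FIN all clear.
    syn_only = "SYN" in flags and not (flags & {"ACK", "RST", "FIN"})
    ts = next((v for k, v in opts if k == "Timestamp"), None)
    ip_hlen = 20 + len(f["IP_OPTS"])
    tcp_hlen = 20 + len(f["TCP_OPTS"])
    payload_len = int(f["LEN"]) - ip_hlen - tcp_hlen
    return {
        "matches_not_syn_rule": f.get("PROTO") == "TCP" and not syn_only,
        "flags": sorted(flags),
        "options": opts,
        "payload_len": payload_len,
        # A SYN carries TSecr=0; a non-zero TSecr means the peer's timestamps
        # are already being echoed, i.e. the connection is past the handshake.
        "looks_established": "ACK" in flags and ts is not None and ts[1] != 0,
    }


if __name__ == "__main__":
    for k, v in summarize(SAMPLE).items():
        print("%-22s %s" % (k, v))
```

For the posted line this reports flags ACK and PSH, options NOP, NOP, Timestamp with a non-zero TSecr, and 36 bytes of payload (88 - 20 IP - 32 TCP), which is what a data segment on a long-lived IMAPS session looks like rather than a connection attempt.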

