On Tue, 11 Jul 2006, Arno van Amersfoort wrote: > I think I already stumbled into this bug in the past, I recall that this > bug was in 2.6.14. > Anyway, I've tried to disable tcp_sack & tcp_dsack but no luck. I also > upgraded to 2.6.17.4 but this doesn't help iether :-S I'm also getting > packets like this for "open ports" (with ie. -p tcp --dport 22 --syn -j > ACCEPT) giving: > > Jul 11 04:02:59 rulhm2 kernel: Stealth scan (PRIV)?: IN=eth0 OUT= > MAC=00:01:02:05:1d:25:00:01:03:d2:b8:75:08:00 SRC=132.229.96.110 > DST=132.229.96.12 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=34709 DF PROTO=TCP > SPT=39536 DPT=445 WINDOW=5840 RES=0x00 ACK FIN URGP=0 I don't understand how it is related to an open ssh port. > Any other suggestions? Enable logging invalid packets via /proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid then record by tcpdump a whole TCP session which triggers the problem. Then send me the capture file and the corresponding kernel log entries. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary
