On Sun, Jun 01, 2008 at 08:09:58PM -0400, Robert Blayzor wrote: > On Jun 1, 2008, at 6:07 PM, Sarocet wrote: > > Seems like a problem with the TCP stack to me. No client of normal > > sockets should be abel > > to do that. Do you have some device (such a firewall) in front of that > > machine which could > > be interfering? Could you fingerprint (p0f) from which OS come this > > activity? > > It's not the server or any device in front of it. (which there are not > other than switches and routers). In the tcpdumps we've looked at the > client appears to hang or timeout, and when the server sends acks to > see if the connection is still alive (keepalive or otherwise) the > client starts replying with a "zero sized window", which is broken. > > We thought about p0f, but with the randomness of the broken clients > and the shear volume of connections the mirrors get, it would be very > difficult to capture that data. It may come down to that, but I'm > just pointing out that something appears to be bugged in quite a few > clients that connect.
I cannot confirm this on our mirror, there are no connections stuck in FIN_WAIT_1 at all. Could it be that all stuck connections you see, are the result of some popular DSL-router/NAT box in your area, that behaves badly? -- Jan-Pieter Cornet <[EMAIL PROTECTED]> !! Disclamer: The addressee of this email is not the intended recipient. !! !! This is only a test of the echelon and data retention systems. Please !! !! archive this message indefinitely to allow verification of the logs. !! _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
