[102160] in RedHat Linux List
Slow packets look like a SYN attack...?
daemon@ATHENA.MIT.EDU (Edward Baichtal)
Tue Dec 1 17:25:56 1998
From: "Edward Baichtal" <edwardb@AirLink.com>
To: <redhat-list@redhat.com>
Date: Tue, 1 Dec 1998 14:23:32 -0800
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
I'm connecting to FTP servers running on Linux machines. The client side
either times out or comes back after 3 minutes with a login prompt to the
FTP server on the Linux site. Captured packets between the wireless modem
on the client (a CDPD modem) and the in-house FTP server on Linux, and
noticed that the difference between going over the CDPD modem and the LAN
was a 1/2 second ack from the CDPD modem.
The modem takes slightly longer to ack. My question is does Linux take a
slow ack as a SYN attack of some sort or shut the port down, or respond
slowly to it on purpose? Is this part of the TCP/IP stack in Linux or
another part?
Connecting to other FTP sites through the CDPD modem come back instantly.
Microsoft FTP servers respond instantly, FreeBSD, etc. But any FTP server
(not just wu-ftpd) on a Linux server responds back to the client slower.
In order to see how slow, I hit a bunch of sites over a faster internet
connection, and observed that when Microsoft FTP sites would respond back to
the client it would come back in 1/10th of a second or less. When a Linux
site would respond back (that wasn't loaded down) it would consistently be
3.2 seconds before a login prompt would appear.
So it's down to the TCP/IP stack or something that affects it under Linux,
because it only happens with Linux sites. So what can I look at on a Linux
server?
It's not a DNS issue, I have put in IP addresses. It's not a matter of what
kind of client, I've used RH Linux, Win95, Win98 and NT 4.0 in the test. It
definitely only comes out when the CDPD modem is being used, but every FTP
site but Linux FTP sites work. (Note: when using the RH Linux client, the
login prompt would come back in 3 minutes. Other clients would just time
out not getting a response back from the server.)
Any help is appreciated.
--------------------------
Edward Baichtal
edwardb@AirLink.com
http://www.airlink.com
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com http://archive.redhat.com
To unsubscribe: mail redhat-list-request@redhat.com with
"unsubscribe" as the Subject.
