JamesPC
join:2005-10-12
Orange, CA
1 edit | good for me
I guess I am getting good access while running Azureus on my RR connection. Click on your computer for a good look at what your connected to. Some kool things for a beta. |
|
MxxCon
join:1999-11-19
Brooklyn, NY
clubs:   | indeed, it's showing some interesting data.
and it can even work as a firewall.
but for some reason after a few seconds cpu usage jump to 100% |
|
Hehe
@ssa.gov | Can we block the reset packets?
It would be cool if we could detect and block these reset packets! A rule on the firewall! Or maybe an iptables module? |
|
knightmb
Everybody Lies
join:2003-12-01
Franklin, TN
 ·AT&T DSL Service
1 edit | tested with some screenshots
Downloading the *cough* Linux ISO called Indiana Jones and something | 
Alerts for RST packets | | 
Software Screenshot, all runs from browser |
After a few minutes in, I was watching the NNMA software.
After it was done downloading, I counted up about 3 alerts for RST packets, which may be due to either Comcast or maybe the ISP I was connecting with, hard to tell?
--
Fight NebuAD and the like:
Click Here to pollute their data |
|
MxxCon
join:1999-11-19
Brooklyn, NY
clubs:
| reply to Hehe
Re: Can we block the reset packets?
impossible and idiotic request.
RTS packets are an integral part of TCP protocol. blocking them will completely destroy your internet connection.
realtime detection methods are inaccurate so any block rule will have HUGE false positive rate.
the only accurate way to detect faked RST packets is by comparing traffic from both sides and see if one generated the given RST packet to the other. |
|
Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
 ·AT&T U-Verse
1 edit | reply to knightmb
Re: tested with some screenshots
It could have something to do with the default BitTorrent
port of 6881. A lot of trackers block that port, which is
why Azureus recommends using a high numbered port between
49152 and 65535.
Also, I've read of instances of Comcast users not seeing any
forged TCP resets. Perhaps it is only occurring in major
markets with saturated nodes.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
|
|
RR206
join:2001-12-11
Renton, WA
clubs: | Wide open on Qwest
It's showing everything wide open on my new 12mb Qwest line. I don't feel like plugging comcast back in to test it. |
|
Packeteers
Premium
join:2005-06-18
Forest Hills, NY
| no complaints on Verizon
according to their web sight forum
»forums.pfir.org/main/messages/714/714.html
nobody is complaining about Verizon
so I guess my DSL is safe for now 
I'd rather wait till this is out of
beta, before keeping it running here. |
|
funchords
Hello
Premium,MVM
join:2001-03-11
Washington, DC
·Verizon Online DSL
 ·Skype
| reply to MxxCon
Re: Can we block the reset packets?
said by MxxCon  :impossible and idiotic request. RTS packets are an integral part of TCP protocol. blocking them will completely destroy your internet connection. realtime detection methods are inaccurate so any block rule will have HUGE false positive rate. the only accurate way to detect faked RST packets is by comparing traffic from both sides and see if one generated the given RST packet to the other. After a 2-way connection has been established, a Reset (RST) flag should only be generated by the far end if it has crashed. However, all of the forged RST packets generated by Sandvine come in within the same second as a previous genuine packet from the remote host. This being the case, it would be possible to detect a bogus RST packet and react to it differently or discard it.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon
HTTP is the new Bandwidth Hog...
|
|
MxxCon
join:1999-11-19
Brooklyn, NY
clubs:
| you know perfectly well if the far end crashed, it wouldn't generate RST. it wouldn't generate anything at all.
RST would be generated if far end decided to close the existing connection, which can be a valid request.
some bittorrent clients want to connect only to seeds, so the moment they see it's not a seed, they will abort such connection generating RST. blocking such packets will break your application |
|
funchords
Hello
Premium,MVM
join:2001-03-11
Washington, DC
·Verizon Online DSL
·Skype
1 edit | said by MxxCon :you know perfectly well With respect, your unnecessary attitude toward others does not promote friendliness. You called the previous poster's idea idiotic and you're being condescending to me.
In this case, you misunderstand how RST works. These are just facts, nobody wins or loses on the strength of their debating skills. It is whatever it is. We both learn about it by being here.
said by MxxCon :if the far end crashed, it wouldn't generate RST. it wouldn't generate anything at all. Right, but when network devices crash, they often reboot. When they come back up with no memory of the pre-crash states, then start receiving TCP packets on a closed port, they send RST in response.
This specific example is explained in RFC 793, Figure 11 (either page 34 or 35).
said by MxxCon :RST would be generated if far end decided to close the existing connection, which can be a valid request. If the far end decided to end the existing connection, FIN should be sent, not RST.
Anything is possible (there's an older Microsoft webserver that sends RST to kill the FIN's TIME_WAIT interval), but these exceptions are rare and usually pointed out as mistaken implementations.
said by MxxCon :some bittorrent clients want to connect only to seeds, so the moment they see it's not a seed, they will abort such connection generating RST. blocking such packets will break your application As said above, FIN not RST, is what should be sent. FIN completes the connection gracefully. RST can cause the loss of sent-but-unacknowledged data.
You can see this using Wireshark.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon
HTTP is the new Bandwidth Hog...
|
|
Hehe
@ssa.gov
| Well, looking at the RFC it seems like we should not receive a RST while the connection is in the ESTABLISHED STATE. So, maybe we can drop RST if ESTABLISHED?
Anyone know how to make iptables do that?
And I assume I am not 100% correct! 
It just can't be that easy. |
|
funchords
Hello
Premium,MVM
join:2001-03-11
Washington, DC
·Verizon Online DSL
·Skype
| said by Hehe :Well, looking at the RFC it seems like we should not receive a RST while the connection is in the ESTABLISHED STATE. So, maybe we can drop RST if ESTABLISHED? Anyone know how to make iptables do that? And I assume I am not 100% correct! It just can't be that easy. RFC 793, Figure 11 would happen with one end in the Established state, thinking it was in a full-open connection when it actually is only in a half-open connection due to the remote host's reboot.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon
HTTP is the new Bandwidth Hog...
|
|
