EPS
join:2008-02-13
Hingham, MA | The problem... remains that we don't know how many of these RST packets are forged, or are legitimate. |
|
 CabalPremium
join:2007-01-21
Austin, TX
 ·Suddenlink
| said by EPS:remains that we don't know how many of these RST packets are forged, or are legitimate. Ding ding. RST packets are a normal part of the BitTorrent protocol.
--
Interested in open source engine management for your Subaru? |
|
|
|
 funchordsHelloPremium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:5 | said by Cabal:RST packets are a normal part of the BitTorrent protocol. No, they absolutely are not. RST is part of the TCP protocol, and should only happen if the distant peer has gone offline or crashed. Yes, this happens. I documented that in my original report.
If someone is seeing results north of 10%, it should be checked out. If it isn't in the users' own LAN, then it probably will turn out to be spoofing by either the ISP or one of its transit providers.
Either way, a trace will be needed.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon
|
|
wierdo
join:2001-02-16
Tulsa, OK Reviews:
·Cox HSI
 ·T-Mobile US
| said by funchords:If someone is seeing results north of 10%, it should be checked out. If it isn't in the users' own LAN, then it probably will turn out to be spoofing by either the ISP or one of its transit providers. Sadly, that's probably pretty common thanks to screwed up NAT appliances dropping things on the floor, especially under the high connection loads that most BitTorrent clients generate.
It goes like this:
1) NAT box runs out of space in table, drops old connections
2) Packet comes in from remote peer that NAT box no longer knows about
3) NAT box sends RST to remote peer
4) Local machine tries to use the connection it still considers open
5) Remote end sends back RST
To both ends this looks like a middlebox spoofing an RST. The same thing can happen in some operating systems even without a NAT box, as certain OSes don't handle enormous volumes of open connections very well.
It will continue to be a problem as long as vendors try to get away with selling SOHO routers that have almost no RAM. I used to have that happen to me (obviously not from BitTorrent) back when I was using a 386 with 4MB of RAM as my (dial up, later ISDN) router many years ago, and that had the advantage of swap space.
I suspect Comcast originally thought their illegitimate RSTs would be mostly attributed to the poorly implemented user equipment. I wouldn't be surprised if BellSouth is so high on the list because they were giving away some particularly poor router to new customers.
--
It's wierdo, not weirdo. Yes, I know that's not the 'proper' spelling of the similar english language word.  |
|
