Re: Can we block the reset packets?

Author	All Replies
funchords Hello Premium,MVM join:2001-03-11 Washington, DC ·Verizon Online DSL ·Skype 1 edit	reply to MxxCon Re: Can we block the reset packets? said by MxxCon : you know perfectly well With respect, your unnecessary attitude toward others does not promote friendliness. You called the previous poster's idea idiotic and you're being condescending to me. In this case, you misunderstand how RST works. These are just facts, nobody wins or loses on the strength of their debating skills. It is whatever it is. We both learn about it by being here. said by MxxCon : if the far end crashed, it wouldn't generate RST. it wouldn't generate anything at all. Right, but when network devices crash, they often reboot. When they come back up with no memory of the pre-crash states, then start receiving TCP packets on a closed port, they send RST in response. This specific example is explained in RFC 793, Figure 11 (either page 34 or 35). said by MxxCon : RST would be generated if far end decided to close the existing connection, which can be a valid request. If the far end decided to end the existing connection, FIN should be sent, not RST. Anything is possible (there's an older Microsoft webserver that sends RST to kill the FIN's TIME_WAIT interval), but these exceptions are rare and usually pointed out as mistaken implementations. said by MxxCon : some bittorrent clients want to connect only to seeds, so the moment they see it's not a seed, they will abort such connection generating RST. blocking such packets will break your application As said above, FIN not RST, is what should be sent. FIN completes the connection gracefully. RST can cause the loss of sent-but-unacknowledged data. You can see this using Wireshark. -- Robb Topolski -= funchords.com =- Hillsboro, Oregon HTTP is the new Bandwidth Hog...
	to forum · permalink · · 2008-05-31 20:59:57 ·
Hehe @ssa.gov	Well, looking at the RFC it seems like we should not receive a RST while the connection is in the ESTABLISHED STATE. So, maybe we can drop RST if ESTABLISHED? Anyone know how to make iptables do that? And I assume I am not 100% correct! It just can't be that easy.
Hehe @ssa.gov	to forum · permalink · 2008-06-02 15:25:33 ·
funchords Hello Premium,MVM join:2001-03-11 Washington, DC ·Verizon Online DSL ·Skype	said by Hehe : Well, looking at the RFC it seems like we should not receive a RST while the connection is in the ESTABLISHED STATE. So, maybe we can drop RST if ESTABLISHED? Anyone know how to make iptables do that? And I assume I am not 100% correct! It just can't be that easy. RFC 793, Figure 11 would happen with one end in the Established state, thinking it was in a full-open connection when it actually is only in a half-open connection due to the remote host's reboot. -- Robb Topolski -= funchords.com =- Hillsboro, Oregon HTTP is the new Bandwidth Hog...
	to forum · permalink · · 2008-06-02 16:27:35 ·


Thursday, 03-Dec 02:11:58	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. republican-creole page compression OFF