[Gllug] One for the security gurus
Formi
rcarrera at formi.org.uk
Wed Sep 19 22:19:49 UTC 2001
On Wed, 19 Sep 2001, Alex Hudson wrote:
> On Wednesday 19 September 2001 20:03, you wrote:
> > I am observing something I don't like in my syslog.
> >
> > kernel: Undo D-SACK 63.146.109.200/80 c2 10 ss2/65535 p0
> >
> > Am I wrong, or is this not good?
>
> Doesn't look un-good.
>
> Do you compile your own kernels? I presume so, because you have debugging
> enabled. The message is saying that your kernel was a little too aggressive
> fighting congestion - check tcp_try_undo_dsack. You have at least
> FASTRETRANS_DEBUG defined, if not more.
>
> I wouldn't compile a kernel with debugging info enabled; most of it is pretty
> useless unless you're actively following up a problem.
It is a 2.4.3-20mdk stock kernel. I did compile my own one, but it resulted
in a bigger one, so I am using the stock one.
I don't remember if I mentioned it, but I am using Bastille as a firewall,
iptables, not ipchains.
I checked the IP addresses and the answer is something like SERVER
FAILED.
I suppose I shouldn't even worry you with this because I only get those
single lines and it seems not to happen very often.
Watermarks? Like those in some sound files?
The last two emails needed ages to come back to my computer .....
>
> > From what I can assume, it is something to do with ss2 trying to access a web
> > server, I am running squid, so nobody should be doing that. Or even trying
> > to contact my port 80.
>
> You're trying to contact _their_ port 80, surely? If not, could you give us
> some more information on what that IP address means (if anything) to you?
>
> BTW - I know ss2/65535 looks like part of a tcp connection tuple; it's not.
> First clue is that the name is not fully qualified - if it was part of a
> connection tuple, that would make it a local machine. Simple inspection then
> says it's unlikely to be another machine. Second clue - the ss is a prefix,
> and the values (2/65535, both magical) are actually tcp_opt->snd_ssthresh and
> tcp_opt->prior_ssthresh - i.e., watermarks (not worth explaining :).
>
> Don't worry about it, and install a standard kernel for goodness' sakes ;)
>
> Cheers,
>
> Alex.
-- He who for pleasure dies, even death enjoys.
That is what my dad used to say to me after seeing me spending hours
in front of a computer.
Formi.
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug