[Gllug] One for the security gurus

Formi rcarrera at formi.org.uk
Wed Sep 19 22:19:49 UTC 2001


On Wed, 19 Sep 2001, Alex Hudson wrote:

> On Wednesday 19 September 2001 20:03, you wrote:
> >  I am observing something I don't like in my syslog.
> >
> >  kernel: Undo D-SACK 63.146.109.200/80 c2 10 ss2/65535 p0
> >
> >  Am I wrong, or is this not good?
>
> Doesn't look un-good.
>
> Do you compile your own kernels? I presume so, because you have debugging
> enabled. The message is saying that your kernel was a little too aggressive
> fighting congestion - check tcp_try_undo_dsack. You have at least
> FASTRETRANS_DEBUG defined, if not more.
>
> I wouldn't compile a kernel with debugging info enabled; most of it is pretty
> useless unless you're actively following up a problem.


  It is a 2.4.3-20mdk stock kernel. I did compile my own one, but it resulted
 in a bigger one, so I am using the stock one.

 I don't remember if I mentioned it, but I am using Bastille as a firewall,
 iptables, not ipchains.

 I checked the IP addresses and the answer is something like SERVER
 FAILED.

 I suppose I shouldn't even worry you with this because I only get those
 single lines and it seems not to happen very often.

 Watermarks? Like those in some sound files?


 The last two emails needed ages to come back to my computer .....


>
> >  For what I can assume is something to do with ss2 trying to access a web
> > server, I am running squid, so nobody should be doing that. Or even trying
> > to contact my port 80.
>
> You're trying to contact _their_ port 80, surely? If not, could you give us
> some more information on what that IP address means (if anything) to you?
>
> BTW - I know ss2/65535 looks like part of a tcp connection tuple; it's not.
> First clue is that the name is not fully qualified - if it was part of a
> connection tuple, that would make it a local machine. Simple inspection then
> says it's unlikely to be another machine. Second clue - the ss is a prefix,
> and the values (2/65535, both magical) are actually tcp_opt->snd_ssthresh and
> tcp_opt->prior_ssthresh - i.e., watermarks (not worth explaining :).
>
> Don't worry about it, and install a standard kernel for goodness' sakes ;)
>
> Cheers,
>
> Alex.


-- He who for pleasure dies, even death enjoys.

   That is what my dad used to say to me after seeing me spending hours
   in front of a computer.
                                               Formi.












-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
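
An added example, not part of the original message or of the kernel source: a small Python triage script that reads the kind of "Undo" line quoted in the thread, takes the address/port as the remote peer, and takes the ss pair as snd_ssthresh/prior_ssthresh (as Alex describes) rather than as a host and port. The sample syslog lines (apart from the quoted message text), the function names, and the choice to keep the remaining tokens uninterpreted are assumptions.

```python
import ipaddress
import re

# Constructed sample syslog. Only the "Undo D-SACK ..." text on the second
# line comes from the thread; host name, timestamps and other lines are made up.
SAMPLE_LOG = """\
Sep 19 20:01:12 host kernel: eth0: link up
Sep 19 20:01:40 host kernel: Undo D-SACK 63.146.109.200/80 c2 10 ss2/65535 p0
Sep 19 20:07:03 host kernel: Undo D-SACK 63.146.109.200/80 c3 l0 ss2/65535 p1
Sep 19 20:09:55 host sshd[411]: Accepted password for formi
"""

# Only the fields the thread identifies are named; other tokens stay opaque.
UNDO_RE = re.compile(
    r"kernel: Undo (?P<reason>.+?) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})/(?P<port>\d+) "
    r"(?P<other>.*?)\bss(?P<ssthresh>\d+)/(?P<prior>\d+)"
)

def parse_undo(line):
    """Return the fields of one 'Undo' debug line, or None if it is not one."""
    m = UNDO_RE.search(line)
    if not m:
        return None
    try:
        peer = ipaddress.IPv4Address(m["ip"])  # reject e.g. 999.1.1.1
    except ipaddress.AddressValueError:
        return None
    return {
        "reason": m["reason"],
        "peer_ip": str(peer),
        "peer_port": int(m["port"]),
        "snd_ssthresh": int(m["ssthresh"]),
        "prior_ssthresh": int(m["prior"]),
        "other": m["other"].split(),  # uninterpreted tokens, kept as logged
    }

def summarize(log_text):
    """Count 'Undo' messages per (peer_ip, peer_port) across a syslog excerpt."""
    counts = {}
    for line in log_text.splitlines():
        rec = parse_undo(line)
        if rec:
            key = (rec["peer_ip"], rec["peer_port"])
            counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    for (ip, port), n in summarize(SAMPLE_LOG).items():
        print(f"{n} undo message(s) for peer {ip} port {port}")
```

A peer port of 80 in the summary matches Alex's reading that the local machine was talking to a remote web server.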



