[Nottingham] Odd behaviour in KDE
Iain Lennon
nottingham at mailman.lug.org.uk
Thu Aug 21 08:39:00 2003
Okay, I've disabled shorewall with "shorewall clear". The file transfer
problem is still there, so unlikely to be related to that I think.
I'm going back to my book on red hat 7.2 to learn more about networks, then
I'll see if I can learn how to use ethereal (!).
Iain
On Thursday 21 Aug 2003 07:39, Iain Lennon wrote:
> I'm using shorewall with pretty much the default configuration, with a few
> additional rules to deny ports to the internet which seemed unblocked using
> the scan.sygate.com site to check (this site seems quite a useful tool!)
>
> I'll go back and have a look at the internal network rules, but I'm pretty
> sure I'm allowing all traffic
>
> On Wednesday 20 Aug 2003 16:02, Robert Davies wrote:
> > On Wednesday 20 Aug 2003 14:28, Iain Lennon wrote:
> > > Aug 4 16:35:37 whitetower snort: [1:521:1] MISC Large UDP Packet
> > >
> > > [Classification: Potentially Bad Traffic] [Priority: 2]: {UDP}
> > > 192.168.1.2:800 -> 192.168.1.1:2049
> > >
> > > Just an example.
> > >
> > > MTUs on all machines were set at 1500 (obviously a default). Searching
> > > the mailing lists for wlan-ng a setting of 2346 was evidently the
> > > setting to use,
> >
> > I've read, that according to the RFC UDP packets with payload larger than
> > 512 bytes do not have to be supported by hosts on the Internet, so that
> > warning might simply be about large UDP packets, generated by something
> > like NFS.
> >
> > Your symptoms are very similar to a problem I encountered when Solaris2
> > was first getting deployed. It set the Do Not Fragment bits and some
> > routers, didn't handle it properly, or the ICMP messages might have been
> > filtered away, so the host could never discover it's packet size was
> > larger than the MTU at some point on the path.
> >
> > So have you some heavy duty firewall filtering for security purposes that
> > might be throwing away ICMP messages, telling your host to reduce it's
> > transmission size?
> >
> > Rob
> >
> >
> > _______________________________________________
> > Nottingham mailing list
> > Nottingham@mailman.lug.org.uk
> > http://mailman.lug.org.uk/mailman/listinfo/nottingham
> >
> > ________________________________________________________________________
> > This email has been scanned using the CleanPort MEF antivirus
> > system. Funded for members by the Doctors.net.uk Bulletin service
> > How does this protect me? http://www.Doctors.net.uk/qualityemail
> > ________________________________________________________________________
>
> --
> Dr Iain Lennon
>
> _______________________________________________
> Nottingham mailing list
> Nottingham@mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/nottingham
>
> ________________________________________________________________________
> This email has been scanned using the CleanPort MEF antivirus
> system. Funded for members by the Doctors.net.uk Bulletin service
> How does this protect me? http://www.Doctors.net.uk/qualityemail
> ________________________________________________________________________
--
Dr Iain Lennon