Mr. Soltysiak,
--- Maciej Soltysiak <[EMAIL PROTECTED]> wrote:
> Hello,
>
> i have been tcpdumping traffic comming from a MUD server somewhere in the
> US. I was amazed to see that the packets had TOS set to 0x80.
>
> It is interractive traffic, client (telnet) sets to 0x10 (minimize-delay),
> and the server should echo back the TOS. Normally, i have never seen
> MUD echo back the TOS, so this 0x80 was strange to see.
>
> I decided to ping every router on the way to the host and check echoing
> the TOS byte.
>
> I found that anywhere i send my packets, there always be a host that will
> set the TOS to 0x80 on its outgoing packets.
The two IPs you give below are probably fringe routers in your ISP's
backbone that connect to the Net core.
>
> on many paths (www.southafrica.co.za, www.wanadoo.fr, www.reliz.ru) there
> is 134.222.110.249
>
> which does that.
> I was pinging the host and in the same time tcpdumping traffic.
>
> Also, in some other directions (www.google.com, diablo.mudshell.com,
> www.sex.co.nz) there is
>
> 208.48.23.153, which does the same thing.
>
> I am worried, because if some server beyound those routers set TOS to have
> their traffic well served, its packets' TOS will be changed. eg. from 0x10
> to 0x80. which zeroes out the TOS bit and sets precedence.
>
> Any really remote host i tried had tos 0x80 set on both icmp and tcp.
>
> This is strange, is it misconfiguration or policy?
Probably involuntary policy, IMVHO - the admins of these routers probably
skipped the question "Do you want to configure Type of Service (TOS) for your
shiny new Packet Filters?" ;)
>
> Regards,
> Maciej Soltysiak
>
>
>
=====
Brad Chapman
Permanent e-mail: [EMAIL PROTECTED]
Current e-mail: [EMAIL PROTECTED]
Alternate e-mail: [EMAIL PROTECTED]
__________________________________________________
Do You Yahoo!?
Yahoo! Tax Center - online filing with TurboTax
http://taxes.yahoo.com/
