Re: 2.4.2 TCP window shrinking
Hello! In article <[EMAIL PROTECTED]> you wrote: > > TCP: peer xxx.xxx.1.11:41154/80 shrinks window 2442047470:1072:2442050944. > > Bad, what else can I say? > We need desperately to know exactly what OS the xxx.xxx.1.14 machine > is running. Because you've commented out the first two octets, I > cannot check this myself using nmap. Hope that helps: TCP: peer 192.115.216.67:4965/80 shrinks window 1189646194:1024:1189647309. Bad, what else can I say? TCP: peer 192.115.216.66:48184/80 shrinks window 1233448155:1024:1233449294. Bad, what else can I say? TCP: peer 192.115.216.67:4388/80 shrinks window 2353869396:1024:2353870499. Bad, what else can I say? TCP: peer 212.100.133.70:2228/80 shrinks window 3072654250:512:3072655786. Bad, what else can I say? TCP: peer 212.100.133.70:2228/80 shrinks window 3072657834:512:3072659370. Bad, what else can I say? TCP: peer 212.100.133.70:2228/80 shrinks window 3072658346:0:3072659370. Bad, what else can I say? TCP: peer 212.100.133.70:2228/80 shrinks window 3072658346:512:3072659370. Bad, what else can I say? TCP: peer 212.100.133.70:2243/80 shrinks window 3126499925:512:3126501461. Bad, what else can I say? TCP: peer 212.100.133.70:2243/80 shrinks window 3126500437:0:3126501461. Bad, what else can I say? TCP: peer 212.100.133.70:2243/80 shrinks window 3126500437:512:3126501461. Bad, what else can I say? TCP: peer 212.100.133.70:2243/80 shrinks window 3126503509:512:3126504533. Bad, what else can I say? TCP: peer 212.100.133.70:2243/80 shrinks window 3126505045:512:3126505591. Bad, what else can I say? TCP: peer 212.100.133.70:2243/80 shrinks window 3126505557:0:3126505591. Bad, what else can I say? TCP: peer 168.97.99.66:1759/80 shrinks window 3811940743:1460:3811943663. Bad, what else can I say? TCP: peer 192.115.216.67:1117/80 shrinks window 821320812:1024:821321847. Bad, what else can I say? TCP: peer 194.85.201.96:1231/80 shrinks window 1491890080:3072:1491893832. Bad, what else can I say? TCP: peer 194.85.201.96:1231/80 shrinks window 1491894368:3072:1491898120. Bad, what else can I say? TCP: peer 194.85.202.100:3072/80 shrinks window 1517168757:1536:1517171677. Bad, what else can I say? TCP: peer 147.226.5.4:18052/80 shrinks window 3091312994:2864:3091316312. Bad, what else can I say? TCP: peer 208.152.106.86:1496/80 shrinks window 1047754391:1072:1047755999. Bad, what else can I say? TCP: peer 193.235.226.2:57881/80 shrinks window 3860496316:2920:3860503895. Bad, what else can I say? TCP: peer 199.103.141.186:4260/80 shrinks window 1544210503:4380:1544216343. Bad, what else can I say? TCP: peer 194.85.204.37:62553/80 shrinks window 1582101904:0:1582101905. Bad, what else can I say? TCP: peer 168.97.99.66:4077/80 shrinks window 2705297980:1460:2705300900. Bad, what else can I say? TCP: peer 194.85.201.4:1483/80 shrinks window 3797292442:0:3797293210. Bad, what else can I say? TCP: peer 194.85.201.4:1483/80 shrinks window 3797293978:0:3797294746. Bad, what else can I say? TCP: peer 194.85.201.4:1483/80 shrinks window 3797295514:0:3797296282. Bad, what else can I say? TCP: peer 194.85.201.4:1483/80 shrinks window 3797297050:0:3797297818. Bad, what else can I say? TCP: peer 194.85.201.4:1483/80 shrinks window 3797298586:0:3797299354. Bad, what else can I say? TCP: peer 168.97.99.66:2466/80 shrinks window 879491421:1460:879494341. Bad, what else can I say? TCP: peer 140.140.59.101:2839/80 shrinks window 2408864318:1460:2408867238. Bad, what else can I say? TCP: peer 209.47.130.2:2166/80 shrinks window 2408449733:1072:2408450854. Bad, what else can I say? TCP: peer 194.85.201.4:1988/80 shrinks window 2620331555:0:2620332323. Bad, what else can I say? TCP: peer 194.85.201.4:1988/80 shrinks window 2620333091:0:2620333859. Bad, what else can I say? TCP: peer 194.85.201.4:1988/80 shrinks window 2620334627:0:2620335395. Bad, what else can I say? TCP: peer 213.189.85.106:1875/80 shrinks window 3265282896:2920:3265290197. Bad, what else can I say? TCP: peer 204.100.181.6:3081/80 shrinks window 3215499301:2920:3215503041. Bad, what else can I say? TCP: peer 140.228.46.0:1218/80 shrinks window 3743350500:1072:3743351700. Bad, what else can I say? TCP: peer 212.248.7.86:2382/80 shrinks window 3235025401:512:3235026937. Bad, what else can I say? TCP: peer 195.129.34.34:51780/80 shrinks window 1301988509:2920:1301992794. Bad, what else can I say? TCP: peer 195.75.131.34:34715/80 shrinks window 4249402792:1024:4249404950. Bad, what else can I say? TCP: peer 195.75.131.34:34715/80 shrinks window 4249403304:1024:4249404950. Bad, what else can I say? TCP: peer 195.75.131.34:34715/80 shrinks window 4249403816:1024:4249404950. Bad, what else can I say? TCP: peer 193.235.226.2:19253/80 shrinks window 180598643:2920:180603811. Bad, what else can I say? TCP: peer 194.85.202.123:1713/80 shrinks window 2313955067:0:2313955161. Bad, what else can I say? TCP: peer 193.235.226.2:50139/80 shrinks window 2386493452:2920:2386498376. Bad, what
Re: 2.4.2 TCP window shrinking
Hello! In article [EMAIL PROTECTED] you wrote: TCP: peer xxx.xxx.1.11:41154/80 shrinks window 2442047470:1072:2442050944. Bad, what else can I say? We need desperately to know exactly what OS the xxx.xxx.1.14 machine is running. Because you've commented out the first two octets, I cannot check this myself using nmap. Hope that helps: TCP: peer 192.115.216.67:4965/80 shrinks window 1189646194:1024:1189647309. Bad, what else can I say? TCP: peer 192.115.216.66:48184/80 shrinks window 1233448155:1024:1233449294. Bad, what else can I say? TCP: peer 192.115.216.67:4388/80 shrinks window 2353869396:1024:2353870499. Bad, what else can I say? TCP: peer 212.100.133.70:2228/80 shrinks window 3072654250:512:3072655786. Bad, what else can I say? TCP: peer 212.100.133.70:2228/80 shrinks window 3072657834:512:3072659370. Bad, what else can I say? TCP: peer 212.100.133.70:2228/80 shrinks window 3072658346:0:3072659370. Bad, what else can I say? TCP: peer 212.100.133.70:2228/80 shrinks window 3072658346:512:3072659370. Bad, what else can I say? TCP: peer 212.100.133.70:2243/80 shrinks window 3126499925:512:3126501461. Bad, what else can I say? TCP: peer 212.100.133.70:2243/80 shrinks window 3126500437:0:3126501461. Bad, what else can I say? TCP: peer 212.100.133.70:2243/80 shrinks window 3126500437:512:3126501461. Bad, what else can I say? TCP: peer 212.100.133.70:2243/80 shrinks window 3126503509:512:3126504533. Bad, what else can I say? TCP: peer 212.100.133.70:2243/80 shrinks window 3126505045:512:3126505591. Bad, what else can I say? TCP: peer 212.100.133.70:2243/80 shrinks window 3126505557:0:3126505591. Bad, what else can I say? TCP: peer 168.97.99.66:1759/80 shrinks window 3811940743:1460:3811943663. Bad, what else can I say? TCP: peer 192.115.216.67:1117/80 shrinks window 821320812:1024:821321847. Bad, what else can I say? TCP: peer 194.85.201.96:1231/80 shrinks window 1491890080:3072:1491893832. Bad, what else can I say? TCP: peer 194.85.201.96:1231/80 shrinks window 1491894368:3072:1491898120. Bad, what else can I say? TCP: peer 194.85.202.100:3072/80 shrinks window 1517168757:1536:1517171677. Bad, what else can I say? TCP: peer 147.226.5.4:18052/80 shrinks window 3091312994:2864:3091316312. Bad, what else can I say? TCP: peer 208.152.106.86:1496/80 shrinks window 1047754391:1072:1047755999. Bad, what else can I say? TCP: peer 193.235.226.2:57881/80 shrinks window 3860496316:2920:3860503895. Bad, what else can I say? TCP: peer 199.103.141.186:4260/80 shrinks window 1544210503:4380:1544216343. Bad, what else can I say? TCP: peer 194.85.204.37:62553/80 shrinks window 1582101904:0:1582101905. Bad, what else can I say? TCP: peer 168.97.99.66:4077/80 shrinks window 2705297980:1460:2705300900. Bad, what else can I say? TCP: peer 194.85.201.4:1483/80 shrinks window 3797292442:0:3797293210. Bad, what else can I say? TCP: peer 194.85.201.4:1483/80 shrinks window 3797293978:0:3797294746. Bad, what else can I say? TCP: peer 194.85.201.4:1483/80 shrinks window 3797295514:0:3797296282. Bad, what else can I say? TCP: peer 194.85.201.4:1483/80 shrinks window 3797297050:0:3797297818. Bad, what else can I say? TCP: peer 194.85.201.4:1483/80 shrinks window 3797298586:0:3797299354. Bad, what else can I say? TCP: peer 168.97.99.66:2466/80 shrinks window 879491421:1460:879494341. Bad, what else can I say? TCP: peer 140.140.59.101:2839/80 shrinks window 2408864318:1460:2408867238. Bad, what else can I say? TCP: peer 209.47.130.2:2166/80 shrinks window 2408449733:1072:2408450854. Bad, what else can I say? TCP: peer 194.85.201.4:1988/80 shrinks window 2620331555:0:2620332323. Bad, what else can I say? TCP: peer 194.85.201.4:1988/80 shrinks window 2620333091:0:2620333859. Bad, what else can I say? TCP: peer 194.85.201.4:1988/80 shrinks window 2620334627:0:2620335395. Bad, what else can I say? TCP: peer 213.189.85.106:1875/80 shrinks window 3265282896:2920:3265290197. Bad, what else can I say? TCP: peer 204.100.181.6:3081/80 shrinks window 3215499301:2920:3215503041. Bad, what else can I say? TCP: peer 140.228.46.0:1218/80 shrinks window 3743350500:1072:3743351700. Bad, what else can I say? TCP: peer 212.248.7.86:2382/80 shrinks window 3235025401:512:3235026937. Bad, what else can I say? TCP: peer 195.129.34.34:51780/80 shrinks window 1301988509:2920:1301992794. Bad, what else can I say? TCP: peer 195.75.131.34:34715/80 shrinks window 4249402792:1024:4249404950. Bad, what else can I say? TCP: peer 195.75.131.34:34715/80 shrinks window 4249403304:1024:4249404950. Bad, what else can I say? TCP: peer 195.75.131.34:34715/80 shrinks window 4249403816:1024:4249404950. Bad, what else can I say? TCP: peer 193.235.226.2:19253/80 shrinks window 180598643:2920:180603811. Bad, what else can I say? TCP: peer 194.85.202.123:1713/80 shrinks window 2313955067:0:2313955161. Bad, what else can I say? TCP: peer 193.235.226.2:50139/80 shrinks window 2386493452:2920:2386498376. Bad, what else can I
Re: 2.4.2 TCP window shrinking
David S. Miller wrote: > We need desperately to know exactly what OS the xxx.xxx.1.14 machine > is running. Because you've commented out the first two octets, I > cannot check this myself using nmap. I see them all the time on my sites. I have active mirrors so they abound. Here are a few, I've also attached nmap's guesses. TCP: peer 148.75.156.238:1025/7000 shrinks window 3317772066:0:3317772330. Bad, what else can I say? TCP: peer 195.226.233.21:1774/6660 shrinks window 2502834461:2920:2502837525. Bad, what else can I say? TCP: peer 195.39.136.145:1702/7000 shrinks window 2750401402:2920:2750405782. Bad, what else can I say? TCP: peer 213.189.87.228:1190/6660 shrinks window 2933193691:1072:2933194827. Bad, what else can I say? #1, unknown #2, running proxy squid/2.3.stable4, can't tell what OS is on it. #3, unknown #4, unknown #2 and #4 both have the following in http headers: Via: 1.1 netcache (NetCache 4.1R6) -d - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: 2.4.2 TCP window shrinking
Similar situation here: vanilla 2.4.2, with web serving/ftp/hotline/napster/etc., and I get this: TCP: peer 148.75.118.138:1360/6699 shrinks window 3200785160:0:3200795086. Bad, what else can I say? TCP: peer 148.75.118.138:1359/6699 shrinks window 3054879436:0:3054885108. Bad, what else can I say? TCP: peer 148.75.118.138:1360/6699 shrinks window 3201450202:0:3201458710. Bad, what else can I say? TCP: peer 148.75.118.138:1361/6699 shrinks window 3317649733:0:3317653987. Bad, what else can I say? TCP: peer 148.75.118.138:1359/6699 shrinks window 3054934738:0:3054940410. Bad, what else can I say? TCP: peer 148.75.118.138:1357/6699 shrinks window 2520518983:0:2520527491. Bad, what else can I say? TCP: peer 148.75.118.138:1359/6699 shrinks window 3054990040:0:3054995712. Bad, what else can I say? TCP: peer 148.75.118.138:1359/6699 shrinks window 3055011310:0:3055014146. Bad, what else can I say? TCP: peer 148.75.118.138:1360/6699 shrinks window 3201522520:0:3201528192. Bad, what else can I say? TCP: peer 148.75.118.138:1357/6699 shrinks window 2520598391:0:2520599809. Bad, what else can I say? TCP: peer 148.75.118.138:1359/6699 shrinks window 3055146020:0:3055148856. Bad, what else can I say? TCP: peer 148.75.118.138:1361/6699 shrinks window 3317713543:0:3317723469. Bad, what else can I say? TCP: peer 148.75.118.138:1360/6699 shrinks window 3201592002:0:3201599092. Bad, what else can I say? TCP: peer 148.75.118.138:1360/6699 shrinks window 3201593420:0:3201599092. Bad, what else can I say? TCP: peer 148.75.118.138:1357/6699 shrinks window 2520676381:0:2520680635. Bad, what else can I say? TCP: peer 148.75.118.138:1360/6699 shrinks window 3201607600:0:3201614690. Bad, what else can I say? Running nmap (v2.53) on that IP doesn't resolve to a known OS, so that doesn't help. Version 2.54BETA7 gives this output: Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ ) Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port All 1534 scanned ports on vsat-148-75-118-138.ssa7.mcl.starband.net (148.75.118.138) are: filtered Remote OS guesses: Apple LaserWriter 16/600 PS, HP 6P, or HP 5 Printer, Apple LaserWriter 8500 (PostScript version 3010.103), MultiTech MultiVOIP Version 2.01A Firmware, Mulit-Tech standalone firewall box, version 3, MultiTech CommPlete (modem server) RAScard, Xerox 8830 Plotter, Xerox DocuPrint C55, Xerox DocuPrint N40 Nmap run completed -- 1 IP address (1 host up) scanned in 163 seconds So that doesn't appear to help too much either. > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > A long time ago, in a galaxy far, far way, someone said... > > > > > Jim Woodward writes: > > > This has probably been covered but I saw this message in my logs and > > > wondered what it meant? > > > > > > TCP: peer xxx.xxx.1.11:41154/80 shrinks window 2442047470:1072:2442050944. > > > Bad, what else can I say? > > > > > > Is it potentially bad? - Ive only ever seen it twice with 2.4.x > > > > We need desperately to know exactly what OS the xxx.xxx.1.14 machine > > is running. Because you've commented out the first two octets, I > > cannot check this myself using nmap. > > I'm seeing similar messages on a web server running 2.4.2. > > Some of hosts I've seen it with are: > > 205.188.208.172 > 209.240.220.172 > 209.240.220.173 > 209.240.220.174 > 209.240.220.176 > 209.240.220.177 > 216.239.46.17 > 216.239.46.27 > 216.239.46.34 > 216.239.46.168 > 130.239.126.113 > 206.190.23.112 > 193.130.225.253 > > - -- > - -- > Phil Brutsche [EMAIL PROTECTED] > > GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC > GPG key id: 50DE1CFC > GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.0.4 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > iD8DBQE6oEie/ZTSZFDeHPwRAg4UAKChgEkHgE84Q1OWsB5faZczFrFLjACdGkul > sViRgWXfFAlKa3W9V8+RAYs= > =wkJl > -END PGP SIGNATURE- > > - > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to [EMAIL PROTECTED] > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ > Jesse Wyant - [EMAIL PROTECTED] I never met a man I didn't want to fight. -- Lyle Alzado, professional football lineman - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: 2.4.2 TCP window shrinking
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > > Jim Woodward writes: > > This has probably been covered but I saw this message in my logs and > > wondered what it meant? > > > > TCP: peer xxx.xxx.1.11:41154/80 shrinks window 2442047470:1072:2442050944. > > Bad, what else can I say? > > > > Is it potentially bad? - Ive only ever seen it twice with 2.4.x > > We need desperately to know exactly what OS the xxx.xxx.1.14 machine > is running. Because you've commented out the first two octets, I > cannot check this myself using nmap. I'm seeing similar messages on a web server running 2.4.2. Some of hosts I've seen it with are: 205.188.208.172 209.240.220.172 209.240.220.173 209.240.220.174 209.240.220.176 209.240.220.177 216.239.46.17 216.239.46.27 216.239.46.34 216.239.46.168 130.239.126.113 206.190.23.112 193.130.225.253 - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6oEie/ZTSZFDeHPwRAg4UAKChgEkHgE84Q1OWsB5faZczFrFLjACdGkul sViRgWXfFAlKa3W9V8+RAYs= =wkJl -END PGP SIGNATURE- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: 2.4.2 TCP window shrinking
Jim Woodward writes: > This has probably been covered but I saw this message in my logs and > wondered what it meant? > > TCP: peer xxx.xxx.1.11:41154/80 shrinks window 2442047470:1072:2442050944. > Bad, what else can I say? > > Is it potentially bad? - Ive only ever seen it twice with 2.4.x We need desperately to know exactly what OS the xxx.xxx.1.14 machine is running. Because you've commented out the first two octets, I cannot check this myself using nmap. Later, David S. Miller [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: 2.4.2 TCP window shrinking
Jim Woodward writes: This has probably been covered but I saw this message in my logs and wondered what it meant? TCP: peer xxx.xxx.1.11:41154/80 shrinks window 2442047470:1072:2442050944. Bad, what else can I say? Is it potentially bad? - Ive only ever seen it twice with 2.4.x We need desperately to know exactly what OS the xxx.xxx.1.14 machine is running. Because you've commented out the first two octets, I cannot check this myself using nmap. Later, David S. Miller [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: 2.4.2 TCP window shrinking
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... Jim Woodward writes: This has probably been covered but I saw this message in my logs and wondered what it meant? TCP: peer xxx.xxx.1.11:41154/80 shrinks window 2442047470:1072:2442050944. Bad, what else can I say? Is it potentially bad? - Ive only ever seen it twice with 2.4.x We need desperately to know exactly what OS the xxx.xxx.1.14 machine is running. Because you've commented out the first two octets, I cannot check this myself using nmap. I'm seeing similar messages on a web server running 2.4.2. Some of hosts I've seen it with are: 205.188.208.172 209.240.220.172 209.240.220.173 209.240.220.174 209.240.220.176 209.240.220.177 216.239.46.17 216.239.46.27 216.239.46.34 216.239.46.168 130.239.126.113 206.190.23.112 193.130.225.253 - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6oEie/ZTSZFDeHPwRAg4UAKChgEkHgE84Q1OWsB5faZczFrFLjACdGkul sViRgWXfFAlKa3W9V8+RAYs= =wkJl -END PGP SIGNATURE- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: 2.4.2 TCP window shrinking
Similar situation here: vanilla 2.4.2, with web serving/ftp/hotline/napster/etc., and I get this: TCP: peer 148.75.118.138:1360/6699 shrinks window 3200785160:0:3200795086. Bad, what else can I say? TCP: peer 148.75.118.138:1359/6699 shrinks window 3054879436:0:3054885108. Bad, what else can I say? TCP: peer 148.75.118.138:1360/6699 shrinks window 3201450202:0:3201458710. Bad, what else can I say? TCP: peer 148.75.118.138:1361/6699 shrinks window 3317649733:0:3317653987. Bad, what else can I say? TCP: peer 148.75.118.138:1359/6699 shrinks window 3054934738:0:3054940410. Bad, what else can I say? TCP: peer 148.75.118.138:1357/6699 shrinks window 2520518983:0:2520527491. Bad, what else can I say? TCP: peer 148.75.118.138:1359/6699 shrinks window 3054990040:0:3054995712. Bad, what else can I say? TCP: peer 148.75.118.138:1359/6699 shrinks window 3055011310:0:3055014146. Bad, what else can I say? TCP: peer 148.75.118.138:1360/6699 shrinks window 3201522520:0:3201528192. Bad, what else can I say? TCP: peer 148.75.118.138:1357/6699 shrinks window 2520598391:0:2520599809. Bad, what else can I say? TCP: peer 148.75.118.138:1359/6699 shrinks window 3055146020:0:3055148856. Bad, what else can I say? TCP: peer 148.75.118.138:1361/6699 shrinks window 3317713543:0:3317723469. Bad, what else can I say? TCP: peer 148.75.118.138:1360/6699 shrinks window 3201592002:0:3201599092. Bad, what else can I say? TCP: peer 148.75.118.138:1360/6699 shrinks window 3201593420:0:3201599092. Bad, what else can I say? TCP: peer 148.75.118.138:1357/6699 shrinks window 2520676381:0:2520680635. Bad, what else can I say? TCP: peer 148.75.118.138:1360/6699 shrinks window 3201607600:0:3201614690. Bad, what else can I say? Running nmap (v2.53) on that IP doesn't resolve to a known OS, so that doesn't help. Version 2.54BETA7 gives this output: Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ ) Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port All 1534 scanned ports on vsat-148-75-118-138.ssa7.mcl.starband.net (148.75.118.138) are: filtered Remote OS guesses: Apple LaserWriter 16/600 PS, HP 6P, or HP 5 Printer, Apple LaserWriter 8500 (PostScript version 3010.103), MultiTech MultiVOIP Version 2.01A Firmware, Mulit-Tech standalone firewall box, version 3, MultiTech CommPlete (modem server) RAScard, Xerox 8830 Plotter, Xerox DocuPrint C55, Xerox DocuPrint N40 Nmap run completed -- 1 IP address (1 host up) scanned in 163 seconds So that doesn't appear to help too much either. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... Jim Woodward writes: This has probably been covered but I saw this message in my logs and wondered what it meant? TCP: peer xxx.xxx.1.11:41154/80 shrinks window 2442047470:1072:2442050944. Bad, what else can I say? Is it potentially bad? - Ive only ever seen it twice with 2.4.x We need desperately to know exactly what OS the xxx.xxx.1.14 machine is running. Because you've commented out the first two octets, I cannot check this myself using nmap. I'm seeing similar messages on a web server running 2.4.2. Some of hosts I've seen it with are: 205.188.208.172 209.240.220.172 209.240.220.173 209.240.220.174 209.240.220.176 209.240.220.177 216.239.46.17 216.239.46.27 216.239.46.34 216.239.46.168 130.239.126.113 206.190.23.112 193.130.225.253 - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6oEie/ZTSZFDeHPwRAg4UAKChgEkHgE84Q1OWsB5faZczFrFLjACdGkul sViRgWXfFAlKa3W9V8+RAYs= =wkJl -END PGP SIGNATURE- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ Jesse Wyant - [EMAIL PROTECTED] I never met a man I didn't want to fight. -- Lyle Alzado, professional football lineman - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: 2.4.2 TCP window shrinking
David S. Miller wrote: We need desperately to know exactly what OS the xxx.xxx.1.14 machine is running. Because you've commented out the first two octets, I cannot check this myself using nmap. I see them all the time on my sites. I have active mirrors so they abound. Here are a few, I've also attached nmap's guesses. TCP: peer 148.75.156.238:1025/7000 shrinks window 3317772066:0:3317772330. Bad, what else can I say? TCP: peer 195.226.233.21:1774/6660 shrinks window 2502834461:2920:2502837525. Bad, what else can I say? TCP: peer 195.39.136.145:1702/7000 shrinks window 2750401402:2920:2750405782. Bad, what else can I say? TCP: peer 213.189.87.228:1190/6660 shrinks window 2933193691:1072:2933194827. Bad, what else can I say? #1, unknown #2, running proxy squid/2.3.stable4, can't tell what OS is on it. #3, unknown #4, unknown #2 and #4 both have the following in http headers: Via: 1.1 netcache (NetCache 4.1R6) -d - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/