Hello,
I believe switching on keep-alive would perhaps solve that one ...

<knip>
Windows 2000 TCP keep-alive behavior can be modified by changing the values of the KeepAliveTime and KeepAliveInterval registry entries (HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters). TCP keep-alives can be sent once for every interval specified by the value of KeepAliveTime (defaults to 7,200,000 milliseconds, or two hours) if no other data or higher level keep-alives have been carried over the TCP connection. If there is no response to a keep-alive, it is repeated once every interval specified by the value of KeepAliveInterval in seconds. By default, the KeepAliveInterval entry is set to a value of one second.
</knip>

Hope it helps, if not reboot ;-)
Jeremie

Tat Wee Kan wrote:

> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>
> Sent: Monday, November 11, 2002 11:04 AM
> Subject: Yahoo Messenger Stale Sessions
>
> > During my observation in daily use of Yahoo Messenger, my computer has
> "stale/zombie" sessions.  For example, if I have received/message a friend,
> yahoo will normally make a direct connection from my PC to my friend.  From
> Netstat result, you can see a high port on my computer is having an
> Established session with my peer's:5101 port.
> >
> > The issue is, after a contact has gone offline (dial-up), the state
> established in the netstat will remain until the next day.  I would see this
> as a vulnerability, since an arbitrary user can assume the IP Address was
> used (dial-up->dynamic ip assignment), and use this established session to
> assume it.
> >
> > Any idea ?
>
> Hmm, I'm not an expert in this, but I do realize if the 4-way handshake for
> terminating a connection is not done properly, e.g. the user switched off
> his dial-up modem abruptly, it would cause the "stale/zombie" sessions
> described as above. The dial-up machine will not have the opportunity to
> send the FIN to your machine.
>
> You probably need to know the sequence number, source port, destination port
> as well as source IP and destination IP (which you should know).

--
"Ok, so the servers are down, the lights are out, and all I have to work
with is a roll of duct tape, a ball point pen, a lighter, and a twenty year
old copy of emacs.  Where's the problem? "
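
An added illustration, not part of the original thread and not Yahoo Messenger's code: the registry entries quoted above are system-wide timers, while an application can switch keep-alive on for a single socket and shorten the timers there so a vanished peer is dropped sooner. The function names, the 60-second idle value and the probe count of 5 are assumptions chosen for the example.

```python
import socket
import sys


def detection_seconds(idle_s, interval_s, probes):
    """Approximate worst-case time before a vanished peer is noticed."""
    return idle_s + interval_s * probes


def enable_keepalive(sock, idle_s=60, interval_s=1, probes=5):
    """Switch keep-alive on for one socket and shorten its timers.

    idle_s     -- quiet time before the first probe (cf. KeepAliveTime)
    interval_s -- gap between unanswered probes (cf. KeepAliveInterval)
    probes     -- unanswered probes tolerated (assumed value, not from the thread)
    """
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    if sys.platform == "win32":
        # Windows: per-socket override of the registry timers, in milliseconds.
        # The probe count cannot be set through this call.
        sock.ioctl(socket.SIO_KEEPALIVE_VALS,
                   (1, idle_s * 1000, interval_s * 1000))
    else:
        # Linux option names; skipped where the platform does not define them.
        for name, value in (("TCP_KEEPIDLE", idle_s),
                            ("TCP_KEEPINTVL", interval_s),
                            ("TCP_KEEPCNT", probes)):
            opt = getattr(socket, name, None)
            if opt is not None:
                sock.setsockopt(socket.IPPROTO_TCP, opt, value)
    return detection_seconds(idle_s, interval_s, probes)


def demo():
    """Apply the settings to a fresh, unconnected TCP socket and read them back."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        before = sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)
        worst = enable_keepalive(sock)
        after = sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)
        return {"before": bool(before), "after": bool(after), "worst_s": worst}
    finally:
        sock.close()


if __name__ == "__main__":
    print(demo())
    # The two-hour idle default quoted in the thread, with the assumed 5 probes.
    print(detection_seconds(7200, 1, 5), "seconds with the quoted defaults")
```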
