Re: Update: Subtle data corruption of TCP streams

From: Austin Schutz (tex@off.org)
Date: Fri Mar 24 2000 - 21:04:57 EST


[bugtraq removed from cc:]

        I've noticed this problem on my network. I'm behind an Ascend
pipeline 50. I had thought that this might be the root of the problem.
Supposedly there's something similar reported as a problem with older
ascend software.

        Any idea what the other people experiencing the prolbem are using
as gateway routers?

        Austin
On Fri, Mar 24, 2000 at 04:26:13PM -0800, Blu3Viper wrote:
> How about taking this to linux-kernel for discussion since it appears to be
> a development kernel bug possibly?
>
> -d
>
> On Fri, 24 Mar 2000, Wietse Venema wrote:
>
> > Date: Fri, 24 Mar 2000 10:38:36 -0500
> > From: Wietse Venema <wietse@PORCUPINE.ORG>
> > To: BUGTRAQ@SECURITYFOCUS.COM
> > Subject: Update: Subtle data corruption of TCP streams
> >
> > Apparently, once instance of this data corruption problem is caused
> > by an unnamed bandwidth management system. It runs as a bridge,
> > and does not show up in traceroute etc. output. We were able to
> > estimate its location (at 5 ms round-trip time from one endpoint)
> > by analyzing packet arrival times.
> >
> > Until now, this TCP data corruption problem has been observed only
> > when one of the connection endpoints runs a recent LINUX version.
> > Sightings have been reported by sites in Germany and in France.
> >
> > Only recent LINUX versions request the use of timestamp options
> > that cause the tell-tale patterns of "01 01 08 0a" in TCP packets,
> > and that end up being regurgitated as ^A^A^H^J data.
> >
> > I have updated the analysis at ftp://ftp.porcupine.org/pub/debugging/
> >
> > Wietse
> >
> > Wietse Venema:
> > > This note is about a subtle data corruption problem with TCP data
> > > streams that may bite people as more and more (LINUX) systems are
> > > sending network traffic with TCP-level options turned on.
> > >
> > > Last week, several Postfix users reported mail delivery failures
> > > because sequences of control characters (for example, ^A^A^H) were
> > > being inserted into their SMTP connections, resulting in SMTP
> > > protocol errors and non-delivery of email.
> > >
> > > These data corruption problems are not host specific: they are
> > > observed with both Linux and BSD/OS systems, and with mail sent to
> > > and/or received from systems running Postfix, Sendmail and qmail.
> > >
> > > Over the weekend of March 18, 2000, a few people left tcpdump
> > > running on their machines, in order to record some of these corrupted
> > > SMTP sessions. This note is based on an analysis of that data.
> >
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Fri Mar 31 2000 - 21:00:14 EST