kuznet@ms2.inr.ac.ru wrote:
>
> Hello!
>
> > I'll keep looking.
>
> Is it easy to reproduce? If so, try to make tcpdump, which
> covers one of these messages.
It's extremely rare. We maintain persistent connections open for long
periods of time and even though a user who triggered it is online, it
only triggers the message a maximum of 26 times (typically ~4) and the
traffic volume we handle, it is not extremely practical for me to log
all traffic.
Of the IPs which triggered the response and were online at the time,
every single one of thm has either not had any ports open, been
firewalled or had nmap not be able to guess correctly with a single
exception of a machine which nmap said was "Windows NT4 / Win95 / Win98,
Windows NT 4 SP3, Windows NT 4.0 Server SP5 + 2047 Hotfixes." that had
port 1500/tcp (vlsi-lm) open.
However, during the scan, nmap reported that the report server was
sending RST from port 1500. One thing I did notice is that most of the
machines which I could ping that triggered this message were extremely
lagged (ping times 800+).
I'll keep trying though.
Jordan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Oct 23 2000 - 21:00:15 EST