NetBSD-Users archive
Re: scp dropping connections
On Thu, 7 Apr 2016, Christos Zoulas wrote:
> >I attached gdb on sparc64 to sshd process and after 30 seconds got the
> >following
> Do you have a NAT/firewall and you don't have keep state in your pass rules?
I've also seen misconfigured NIDS systems that are set up for TCP
"shootdown" (i.e., sending RSTs to both sides with valid SEQ numbers
causing an instant disconnect). Occasionally they will see something in
the encrypted data stream (or just the fact that it's encrypted) and shoot
down the connection because it violates some network policy (usually just
misconfigured to think that).

If that's the cause, it's very easy to see it in a packet trace because
all of a sudden out of nowhere you just see an RST hit you and kill the
connection. Then on the opposite (client) side, if you take a trace at the
same time, you won't see it actually _sending_ the RST. Thus, you know a
NIDS spoofed it.
-Swift
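
Added example, not part of the original message: the two-sided trace comparison described above, as a Python check that reports RSTs one host received which the other host's capture never shows being sent. Assumptions: both captures are text from `tcpdump -n -tt -S`, no NAT rewrites addresses between the capture points, and the traces, addresses and function names are constructed for illustration.

```python
import re

# Matches TCP lines as printed by `tcpdump -n -tt -S` (absolute sequence numbers).
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]+)\], seq (?P<seq>\d+)"
)

# Constructed sample captures: client 192.0.2.10, sshd on 198.51.100.5.
SERVER_TRACE = """
1460000000.100000 IP 192.0.2.10.51514 > 198.51.100.5.22: Flags [P.], seq 5000:5100, ack 9000, win 1024, length 100
1460000000.150000 IP 198.51.100.5.22 > 192.0.2.10.51514: Flags [.], ack 5100, win 1024, length 0
1460000000.200000 IP 192.0.2.10.51514 > 198.51.100.5.22: Flags [R], seq 5100, win 0, length 0
"""
CLIENT_TRACE = """
1460000000.090000 IP 192.0.2.10.51514 > 198.51.100.5.22: Flags [P.], seq 5000:5100, ack 9000, win 1024, length 100
1460000000.160000 IP 198.51.100.5.22 > 192.0.2.10.51514: Flags [.], ack 5100, win 1024, length 0
1460000000.195000 IP 198.51.100.5.22 > 192.0.2.10.51514: Flags [R], seq 9000, win 0, length 0
"""

def parse(trace):
    """Return one dict per TCP line that carries a sequence number."""
    matches = map(LINE.match, trace.strip().splitlines())
    return [m.groupdict() for m in matches if m]

def rst_keys(packets, src_ip):
    """(src, dst, seq) for every RST whose source address is src_ip."""
    return {(p["src"], p["dst"], p["seq"]) for p in packets
            if "R" in p["flags"] and p["src"].rsplit(".", 1)[0] == src_ip}

def spoofed_rsts(local_trace, peer_trace, peer_ip):
    """RSTs seen locally that claim to come from peer_ip but are absent
    from the peer's own capture, i.e. injected by a device in the path."""
    received = rst_keys(parse(local_trace), peer_ip)
    sent = rst_keys(parse(peer_trace), peer_ip)
    return sorted(received - sent)

if __name__ == "__main__":
    # Each side received an RST "from" the other that the other never sent.
    for rst in spoofed_rsts(SERVER_TRACE, CLIENT_TRACE, "192.0.2.10"):
        print("server got RST the client never sent:", rst)
    for rst in spoofed_rsts(CLIENT_TRACE, SERVER_TRACE, "198.51.100.5"):
        print("client got RST the server never sent:", rst)
```

Both captures must cover the same time window; a capture that started late or dropped packets would make a genuine RST look injected.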