[ale] Iptables: Packets from port 80 to unestablished ports
Jason Day
jasonday at worldnet.att.net
Wed Jul 30 12:01:19 EDT 2003
On Wed, Jul 30, 2003 at 10:32:11AM -0400, Dow Hurst wrote:
> So to clarify this:
>
> Are you saying that these web servers are sending ACKs to unrelated high
> port numbers to accelerate the response of the client? Sending the ACK
> to a different port number than the port that would be appropriate is a
> violation of the normal TCP protocol as y'all have stated. So it looks
> like an attack/probe to the firewall.
> Dow
MicroSoft is using a clever but dubious trick to accelerate browsing
from IE <--> IIS. Basically, IIS leaves TCP connections half open, and
IE tries using a half open connection first when it contacts a server.
That way most of the TCP handshake is bypassed, and browsing is faster.
As long as you're using IE and IIS.
There is a much better discussion and analysis here:
http://www.mail-archive.com/mozilla-netlib@mozilla.org/msg01571.html
--
Jason Day jasonday at
http://jasonday.home.att.net worldnet dot att dot net
"Of course I'm paranoid, everyone is trying to kill me."
-- Weyoun-6, Star Trek: Deep Space 9
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list