illegal packets

Linux Netfilter discussions
 help / color / mirror / Atom feed

* illegal packets
@ 2008-02-16 20:15 Robert M. Albrecht
  2008-02-16 20:51 ` Jozsef Kadlecsik
  0 siblings, 1 reply; 3+ messages in thread
From: Robert M. Albrecht @ 2008-02-16 20:15 UTC (permalink / raw)
  To: netfilter

Hi,

I keep getting this invalid packets, one to five per minute.

Why are the invalid ?

cu romal


Message from syslogd@gateway at Feb 16 20:39:27 ...

  kernel: nf_ct_tcp: invalid packed ignored IN= OUT= SRC=212.60.137.183 
DST=217.72.204.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=25024 DF PROTO=TCP 
SPT=52369 DPT=80 SEQ=4686532 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT 
(020405B40402080A0244

Feb 16 20:39:27 gateway kernel: nf_ct_tcp: invalid packed ignored IN= OUT= 
SRC=212.60.137.183 DST=217.72.204.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 
ID=25024 DF PROTO=TCP SPT=52369 DPT=80 SEQ=4686532 ACK=0 WINDOW=5840 
RES=0x00 SYN URGP=0 OPT (020405B40402080A0244


Message from syslogd@gateway at Feb 16 20:39:33 ...

  kernel: nf_ct_tcp: invalid packed ignored IN= OUT= SRC=212.60.137.183 
DST=217.72.204.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=25025 DF PROTO=TCP 
SPT=52369 DPT=80 SEQ=4686532 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT 
(020405B40402080A0245

Feb 16 20:39:33 gateway kernel: nf_ct_tcp: invalid packed ignored IN= OUT= 
SRC=212.60.137.183 DST=217.72.204.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 
ID=25025 DF PROTO=TCP SPT=52369 DPT=80 SEQ=4686532 ACK=0 WINDOW=5840 
RES=0x00 SYN URGP=0 OPT (020405B40402080A0245



^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: illegal packets
  2008-02-16 20:15 illegal packets Robert M. Albrecht
@ 2008-02-16 20:51 ` Jozsef Kadlecsik
  2008-02-16 21:08   ` Robert M. Albrecht
  0 siblings, 1 reply; 3+ messages in thread
From: Jozsef Kadlecsik @ 2008-02-16 20:51 UTC (permalink / raw)
  To: Robert M. Albrecht; +Cc: netfilter

On Sat, 16 Feb 2008, Robert M. Albrecht wrote:

> I keep getting this invalid packets, one to five per minute.
> 
> Why are the invalid ?

> kernel: nf_ct_tcp: invalid packed ignored IN= OUT= SRC=212.60.137.183 
> DST=217.72.204.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=25024 DF 
> PROTO=TCP SPT=52369 DPT=80 SEQ=4686532 ACK=0 WINDOW=5840 RES=0x00 SYN 
> URGP=0 OPT (020405B40402080A0244

This is a connection-initiating SYN packet, but there is an existing 
connection already between 212.60.137.183:52369<->217.72.204.254:80. 
So the firewall ignores the packet (does not take it into account at 
keeping track the connection, but lets it through). Probably it's a 
connection-reopening, which is not handled properly.

The newest git tree contains a fix for reopening connections. So either 
upgrade or ignore the invalid packet warnings ;-).

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: illegal packets
  2008-02-16 20:51 ` Jozsef Kadlecsik
@ 2008-02-16 21:08   ` Robert M. Albrecht
  0 siblings, 0 replies; 3+ messages in thread
From: Robert M. Albrecht @ 2008-02-16 21:08 UTC (permalink / raw)
  To: Jozsef Kadlecsik; +Cc: netfilter

Hi Jozsef,

thanks for your fast reply.

As newer kernels as 2.6.24 aren`t supported in OpenWRT I have to ignore it 
for the moment :-(

For the moment I have to remove the INVALID statement from my configuration 
for the recent-module, as recent puts this invalid packets on the blacklist.

cu romal


Jozsef Kadlecsik schrieb:
> On Sat, 16 Feb 2008, Robert M. Albrecht wrote:
> 
>> I keep getting this invalid packets, one to five per minute.
>>
>> Why are the invalid ?
> 
>> kernel: nf_ct_tcp: invalid packed ignored IN= OUT= SRC=212.60.137.183 
>> DST=217.72.204.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=25024 DF 
>> PROTO=TCP SPT=52369 DPT=80 SEQ=4686532 ACK=0 WINDOW=5840 RES=0x00 SYN 
>> URGP=0 OPT (020405B40402080A0244
> 
> This is a connection-initiating SYN packet, but there is an existing 
> connection already between 212.60.137.183:52369<->217.72.204.254:80. 
> So the firewall ignores the packet (does not take it into account at 
> keeping track the connection, but lets it through). Probably it's a 
> connection-reopening, which is not handled properly.
> 
> The newest git tree contains a fix for reopening connections. So either 
> upgrade or ignore the invalid packet warnings ;-).
> 
> Best regards,
> Jozsef
> -
> E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : KFKI Research Institute for Particle and Nuclear Physics
>           H-1525 Budapest 114, POB. 49, Hungary
> -
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2008-02-16 21:08 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-02-16 20:15 illegal packets Robert M. Albrecht
2008-02-16 20:51 ` Jozsef Kadlecsik
2008-02-16 21:08   ` Robert M. Albrecht

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox