North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: TCP receive window set to 0; DoS or not?
> I've been seeing some systems that stop serving pages, and I also see > the Linux "Treason Uncloaked!" kernel messages that indicate a remote > system reduced its rcv win from 1 to 0... is there a non-malicious > explanation for this, aside from a remote host running out of socket > buffers? Seems to happen too often for that to be the case, and > my googling has shown that it may be outside of spec. Certainly > the warning is clear enough... I've seen this, quite a bit, on some heavy traffic web clusters. Some impolite web browsers will shrink the TCP window to kill the socket connection instead of a proper fin/reset. - billn