UNCLEAN - more, more, more information please

Maciej Soltysiak solt@dns.toxicfilms.tv
Fri, 17 Aug 2001 16:22:02 +0200 (CEST)


> > ssh AAA.CCC.BBB.DDD
> >
> > UNCLEAN: IN= OUT=eth0 SRC=XXX.YYY.ZZ.AA DST=AAA.CCC.BBB.DDD LEN=60
> > TOS=0x00 PREC=0x00 TTL=64 ID=29556 PROTO=TCP SPT=2280 DPT=22 WINDOW=5840
> > RES=0x03 SYN URGP=0
> > OPT (020405B4010303000402080A0096CEE600000000)
>
> Have you read syslog at the time the packet was dropped? Indeed, most
> unclean checks print the reason for the 'uncleanness' before returning.
> Could you post that information too?
thanks for the tip: i got 2 reason types:
Aug 17 15:30:27 dns kernel: ipt_unclean: TCP reserved bits not zero
Aug 17 15:57:06 dns kernel: ipt_unclean: TCP flags bad: 4

can you shed some light on it? i guess that TCP flags bad: 4 means an
illegal combination like: SYN/FIN, but which one: i could use a chart of
which bits mean which flags.

i've been reading tcp illustrated - it's my guide, but i haven't found any
information on reserved bits (maybe i didn't get to that part yet)


>
> I've posted two patches which fix bad things in unclean. Have you
> tried to apply them?
>
> TIA. Regards,
no, i have not seen them actually, i'll look for them :)


Thanks
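
Added example, not part of the original message: a small decoder for the fields in the quoted log lines, using the standard TCP flag bit values (RFC 793, with ECE/CWR from RFC 3168) and the kind/length/value option layout. It assumes the number in "TCP flags bad" is the raw flags byte and that RES is a six-bit field whose low two bits are CWR and ECE; the function names are made up for this example.

```python
import struct

# Bits of TCP header byte 13 (RFC 793), plus ECE/CWR as assigned by RFC 3168.
FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
             (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR")]
# Option kinds: RFC 793 (MSS), RFC 1323 (WSCALE, TIMESTAMP), RFC 2018 (SACK_PERM).
OPTION_KINDS = {2: "MSS", 3: "WSCALE", 4: "SACK_PERM", 8: "TIMESTAMP"}
OPTION_FORMATS = {"MSS": ">H", "WSCALE": ">B", "TIMESTAMP": ">II"}


def flag_names(value):
    """Return the names of the flag bits set in a numeric flags byte."""
    return [name for bit, name in FLAG_BITS if value & bit]


def split_res(res):
    """Split a 6-bit RES value (assumed layout: 4 reserved bits, then CWR, ECE)."""
    return {"reserved": (res >> 2) & 0xF, "CWR": bool(res & 2), "ECE": bool(res & 1)}


def parse_options(hex_string):
    """Walk TCP options as kind/length/value; stop at EOL or a bad length."""
    data, i, out = bytes.fromhex(hex_string), 0, []
    while i < len(data):
        kind = data[i]
        if kind == 0:                      # End of option list
            break
        if kind == 1:                      # NOP is a single padding byte
            out.append(("NOP", ()))
            i += 1
            continue
        length = data[i + 1] if i + 1 < len(data) else 0
        if length < 2 or i + length > len(data):
            out.append(("MALFORMED", (data[i:].hex(),)))
            break
        name = OPTION_KINDS.get(kind, "KIND_%d" % kind)
        body = data[i + 2:i + length]
        fmt = OPTION_FORMATS.get(name)
        if fmt and struct.calcsize(fmt) == len(body):
            out.append((name, struct.unpack(fmt, body)))
        else:
            out.append((name, (body.hex(),) if body else ()))
        i += length
    return out


if __name__ == "__main__":
    # Values taken from the log lines quoted in the message above.
    print(flag_names(4), split_res(0x03))
    print(parse_options("020405B4010303000402080A0096CEE600000000"))
```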