Re: SYNCOOKIE authentication problems

On Fri, Jun 29, 2007 at 11:51:40AM +0100, David Malone wrote:
On Wed, Jun 27, 2007 at 06:43:11PM -0700, Steve Kargl wrote:
Any advice on how to isolate or avoid?

Jun 27 18:31:19 node11 kernel: TCP: [192.168.0.11]:59661 to
[192.168.0.11]:63266 tcpflags 0x10<ACK>; syncache_expand: Segment failed
SYNCOOKIE authentication, segment rejected (probably spoofed)

It looks like you tried to open a TCP connection to yourself, but
the connection failed. You could try leaving a tcpdump running:

tcpdump -i whatever_interface -w /tmp/synfinrstdata -s 1500 'tcp[tcpflags] & (tcp-syn|tcp-fin|tcp-rst) != 0'

while your MPI app runs and then we can have a look at the packets
that caused the problem. The above should collect all TCP SYN, FIN
and RST packets, which would probably be enough to diagnose the
problem.


I placed synfinrstdata.gz at

http://troutmask.apl.washington.edu/~kargl/synfinrstdata.gz

The following were in /var/log/messages

Jun 29 09:21:58 node11 kernel: TCP: [192.168.0.12]:54528 to [192.168.0.11]:52690 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
Jun 29 09:22:01 node11 kernel: TCP: [192.168.0.15]:62391 to [192.168.0.11]:60621 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
Jun 29 09:26:43 node11 kernel: TCP: [192.168.0.11]:59578 to [192.168.0.11]:53378 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
Jun 29 09:27:51 node11 kernel: bge0: promiscuous mode disabled
Jun 29 09:28:05 node11 kernel: TCP: [192.168.0.11]:64006 to [192.168.0.11]:53378 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)


--
Steve
_______________________________________________
freebsd-current@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: SYNCOOKIE authentication problems
    ... SYNCOOKIE authentication, segment rejected ... It looks like you tried to open a TCP connection to yourself, ... You could try leaving a tcpdump running: ... and RST packets, which would probably be enough to diagnose the ...
    (freebsd-current)
  • Re: SYNCOOKIE authentication problems
    ... It looks like you tried to open a TCP connection to yourself, ... You could try leaving a tcpdump running: ... and RST packets, which would probably be enough to diagnose the ... Another tidbit, once the MPI app started to trash, I ran truss ...
    (freebsd-current)