Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

RE: abnormal behavior Gmail logon
From: "David Farinic" <davidfa () gfi com>
Date: Wed, 31 May 2006 14:38:19 +0200
Servers are supposed to send RST packets when they do that, but not all
servers do it, and not all clients recognize those RST packets as
indicating that the document they just downloaded is incomplete


Most of the clients do recognize and most web servers do correctly apply
use of RST and FIN for TCP/IP HTTP connection ending.

Problem is that some (most?)Proxy servers (nontransparent and probably
also transparent)  DO NOT. 

I tested 4 different proxy servers if they pass RST to client's browser
when original web server sent RST. All sent FIN instead of RST :(. (I
Did this test as I found other web apps. problems resulting from this
proxy behavior)

If anybody knows proxy which behaves 'correctly,' pls let me know.

 
Regards David Farinic 

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Brian
Eaton
Sent: Wednesday, May 31, 2006 2:25 PM
To: Valdis.Kletnieks () vt edu
Cc: full-disclosure () lists grok org uk; Edward Pearson
Subject: Re: [Full-disclosure] abnormal behavior Gmail logon

On 5/31/06, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:

On Wed, 31 May 2006 09:23:08 BST, Edward Pearson said:

This isn't abnormal or weird, It happens when your internet

connection

is fairly slow and its because you sometimes receive incomplete

headers

for the page (broken or garbled)


If you have noisy hardware that's mangling data in transit, the

mangling will

*usually* be detected by the checksums on each IP packet.  The reason

your

connection gets slow is because if a corruption is detected, the

packet gets

thrown out, and needs to be retransmitted by the sending system.


It is actually possible that the data sent in the HTTP connection is
getting mangled even though the TCP checksums are correct.  In one
mode of operation, HTTP allows a server to indicate when a document is
complete simply by closing a TCP connection.  If the server gets busy,
it might decide your client is just too slow to be worth dealing with
and close the connection early.  Servers are supposed to send RST
packets when they do that, but not all servers do it, and not all
clients recognize those RST packets as indicating that the document
they just downloaded is incomplete.

Regards,
Brian

  
This mail was checked for viruses by GFI MailSecurity. 
GFI also develops anti-spam software (GFI MailEssentials), a fax server (GFI FAXmaker), and network security and 
management software (GFI LANguard) - www.gfi.com 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]