TCP receive window set to 0; DoS or not?

• Previous message (by thread): TCP receive window set to 0; DoS or not?
• Next message (by thread): TCP receive window set to 0; DoS or not?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> I've been seeing some systems that stop serving pages, and I also see
> the Linux "Treason Uncloaked!" kernel messages that indicate a remote
> system reduced its rcv win from 1 to 0... is there a non-malicious
> explanation for this, aside from a remote host running out of socket
> buffers?  Seems to happen too often for that to be the case, and
> my googling has shown that it may be outside of spec.  Certainly
> the warning is clear enough...

I've seen this, quite a bit, on some heavy traffic web clusters. Some 
impolite web browsers will shrink the TCP window to kill the socket 
connection instead of a proper fin/reset. 

- billn

• Previous message (by thread): TCP receive window set to 0; DoS or not?
• Next message (by thread): TCP receive window set to 0; DoS or not?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]