On Tue, 20 Jan 2009, in the Usenet newsgroup comp.os.linux.security, in article
<AImdnVST1ZGI8evUnZ2dnUVZ_orinZ2d.DeleteThis@supernews.com>, wordsmith wrote:
>just watching the packets go by with wireshark and trying to debug why
>my nntp service is so unreliable from day to day...noticed 5 or 6
>minutes after shutting down pan, and watching the process of a
>traceroute with the output from wireshark that something was sending
>udp packets to the nntp server...speculation?

http://www.catb.org/~esr/faqs/smart-questions.html

Without any details - SPECIFICALLY actual port numbers, which specific
news server, packet details, etc., all speculation is meaningless.

NNTP is a TCP protocol. Depending on the version of traceroute, it may
be using UDP (most *nix versions) or ICMP (b0rken versions - such as
TRACERT.EXE from Microsoft), or even TCP (quite rare). Was the news
server _originating_ the packets, or replying to something you were
doing? Note also that UDP is trivial to spoof - so what was in those
packets? What port on "your" side? What did '/bin/netstat -anptu'
show?

As for "unreliable" NNTP, what exactly is that supposed to mean? What
news reader are you using? Pan? How? What distribution/release? Are
you using it native, or is some virtual stuff involved? What ELSE is
running?

Old guy
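
An added example, not part of the original post: one way to check whether captured UDP packets are simply the probes of a *nix traceroute, by parsing the IPv4 and UDP headers and testing for a rising TTL combined with a destination port that climbs by one per probe. The base port 33434 and hop limit 30 are the classic traceroute defaults; the function names, addresses (documentation ranges) and sample packets are constructed for this sketch, and ICMP or TCP traceroute variants are not covered.

```python
import struct

BASE_PORT = 33434  # default first destination port of classic UDP traceroute
MAX_TTL = 30       # default hop limit of classic traceroute

def build_udp(ttl, sport, dport, payload=b"\x00" * 12):
    """Constructed sample packet: IPv4 + UDP, checksums left at zero."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, ttl, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 119]))
    return ip + udp

def parse_ipv4_udp(pkt):
    """Return (ttl, sport, dport) for an IPv4/UDP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or pkt[9] != 17 or len(pkt) < ihl + 8:
        return None                    # malformed, not UDP, or truncated
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return pkt[8], sport, dport

def looks_like_udp_traceroute(packets, min_probes=6):
    """Heuristic: TTL ramps up from a low value while the destination
    port climbs by one per probe, starting at or above BASE_PORT."""
    parsed = [p for p in map(parse_ipv4_udp, packets) if p]
    if len(parsed) < min_probes:
        return False
    ttls = [p[0] for p in parsed]
    dports = [p[2] for p in parsed]
    ports_climb = dports[0] >= BASE_PORT and all(
        b - a == 1 for a, b in zip(dports, dports[1:]))
    ttl_ramps = max(ttls) <= MAX_TTL and ttls[-1] > ttls[0] and all(
        0 <= b - a <= 1 for a, b in zip(ttls, ttls[1:]))
    return ports_climb and ttl_ramps

# Constructed captures: three probes per hop for hops 1-3, then unrelated UDP.
TRACE = [build_udp(1 + i // 3, 40000, BASE_PORT + i) for i in range(9)]
OTHER = [build_udp(64, 40000 + i, 53) for i in range(9)]

if __name__ == "__main__":
    print("traceroute-like:", looks_like_udp_traceroute(TRACE))
    print("other UDP:      ", looks_like_udp_traceroute(OTHER))
```

UDP packets that fail this test need the details the reply asks for: the ports on both ends, the payload, and which local process owns the socket.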