"Jesus M. Salvo Jr." wrote:
>
> There's another possible reason for those logs.
>
> In our case, we have 2 SPARC Solaris that have the same public IP
> address ( different internal IP address of course ), and the Cisco load
> balancer would do a check by sending TCP_SYN to each of them internal IP
> addresses that are mapped to that public IP.... but once it receives a
> TCP_ACK, the router would send a TCP_RST or TCP_FIN. This will tell the
> router that the service on that IP & port is alive. It seem to do this
> every minute.
This is the same effect as a user aborting the request while his browser
is setting up the connection.
However, most OS:es simply discard such incomplete connection request
without notifying the application as the connection has not yet been
established (no ACK received to the SYN+ACK sent by the server). Some
OS:es like Solaris however seem to do notify the application unless
under high load (SYN attack).
If however the connection is reset after the TCP handshake has finisied
then it can be expected that more OS:es do notify the application that
there has been a established connection which got immediately reset.
Regards
Henri
Received on Tue Apr 01 2003 - 01:06:56 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:34 MST