Re: Aborted/dead network connections and other oddities

mjessup_at_yahoo.com
Date: 01/05/05 

Date: 5 Jan 2005 06:47:16 -0800

The solution to the problem is that IDENT requests were still being
sent, but by the TCP wrappers not by the FTP Server. I discovered this
using the packet sniffer "ethereal". To disable the IDENT requests
completely was a matter of bypassing the TCP Wrappers in the config for
inetd. Once this was done operation of the FTP server returned to
normal and there have been no problems noticed since.

mjessup@yahoo.com wrote:
> I have run into an odd network quirk. I am running a few slackware 9
> machines as web servers and recently they have been aborting
> connections, and seemingly locking out machines.
>
> The problems seem to begin when there is a mass file transfer. The
> machines have the standard proftpd running that comes with the OS
> distribution. It will transfer several file (usually on the order of
20
> or 30) and then the connection will abort.
>
> After the connection is aborted the connecting client machine seems
to
> be locked out of certain services. The first time the problem
occurred
> I was unable to make an ftp connection, an http connection (the
> machines are running apache2), and when attempting to ping I would
> recieve "ping transmit failed, error code 1314". However there were
no
> problems from other machines, and mysteriously I was still able to
ssh
> into these boxes from the same machine which would not ping them.
Then
> after a while (an hour or two) all of the problems would "magically"
> clear themselves up.
>
> After the ftp began failing I opened up a samba share for
transferring
> the files. The same behavior occurred. After writing 20 or 30 files
> (done through a SAS program to a mapped windows network drive) the
> connection would abort and the drive mounted to the samba share would
> become disconnected. To make things even more interesting a mass file
> copy (50+ files) from a local drive to the mapped drive would
complete
> succesfully.
>
> The boxes in question are part of a novell network, but are not
managed
> by novell. Also the same program from above will successfully write
all
> files to a shared drive managed by novell without error.
>
> Another noted difference is ftp connections seem to "hiccup" when
first
> connecting, i.e. the control conenction is made quickly, but then the
> user prompt from the server takes 5-10 seconds to be sent. Everything
I
> could find suggested disabling reverse dns and ident lookups on
> incoming connections, however doing this has had no effect. I also
> tried adding the connecting client machine to the server's hosts file
> but that also had no effect. However if an ftp conenction is
> established from one of the servers to the error this does not occur.
> Two of the machines are on the same subnet and one is not but all 3
> exhibit the same behavior.
>
> Also I can not tell if the apparent locking of access is based on IP
or
> MAC or something completely different. I am at a loss as to the cause
> of these problems. I am wondering if this may be some sort of a DoS
> prevention built in to the kernel or OS. If it is something in the
> client machines connecting, or something that the network is doing to
> the packets. The machines making the connections are all wintel
(except
> for the testing ive done between the different linux boxes).
>
> My current impression is that it is something low level in the TCP/IP
> but at this point that is merely a guess. Any ideas about where I
might
> look to diagnose this problem, log files, config files, etc. or any
> utilities such as packet sniffers etc to try and diagnose where
things
> are going wrong or any ideas about what the actual cause of this is
> would be greatly appreciated

Relevant Pages

  • [Full-disclosure] PlatinumFTP 1.0.18 remote DoS
    ... PlatinumFTPserver simplifies management of all your Ftp clients with ... PlatinumFTP 1.0.18 server. ... remote server has closed connection ... Second Bug: ...
    (Full-Disclosure)
  • adding a printer FIX
    ... server 2003 enterprise machine: IIS, mail and File server- and now partial ... internal XP machines ... the printers were not on the server itself. ... 4.Remote into the server again and run the new connection wizard select make ...
    (microsoft.public.windows.server.networking)
  • PlatinumFTP 1.0.18 remote DoS
    ... PlatinumFTPserver simplifies management of all your Ftp clients with ... PlatinumFTP 1.0.18 server. ... remote server has closed connection ... Second Bug: ...
    (Bugtraq)
  • Re: Windows 2003 SP2 and FTP
    ... with the windows firewall for our exchange servers. ... connect to the exchange server, we must disable the protect all connections ... Do you have anonymous access to your ftp enabled? ... "Connection closed by remote host". ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: Adding Printer FIX
    ... server 2003 enterprise machine: IIS, mail and File server- and now partial ... internal XP machines PRO ... the printers were not on the server itself. ... without a physical connection to the server and no SCSI cards need be added. ...
    (microsoft.public.windows.server.networking)