Re: Bad winsock behavior with SynAttackProtect and listen backlog exceeded



"Tom Stewart" <tastewar@xxxxxxxxxxxxxxxxx> wrote in message
news:eBl3Ys72FHA.700@xxxxxxxxxxxxxxxxxxxxxxx
> "The listen function is typically used by servers that can have more than one connection
> request at a time. If a connection request arrives and the queue is full, the client will
> receive an error with an indication of WSAECONNREFUSED."
>
> We started getting problems when customers implemented SP1 on their Windows Server 2003
> boxes. We'd see clients who thought they had successfully connected, but who would get a
> RESET back from the server immediately after the 3-way handshake (SYN, SYN-ACK, ACK). This
> seems *completely broken* to me.

Broken it may be - and it's certainly not what the TCP standards docs imply.

However, your clients need to accept that this behaviour may occur - and not
just because of SynAttackProtect. If the client connects to a server that
has chosen to bar their IP address, for instance, the TCP stack at the
server will accept the connection before allowing the server's accept() call
to complete, at which point the server will close the connection forcibly,
resulting in the SYN, SYN-ACK, ACK, RST behaviour that you're seeing.

Note that there are many Windows TCP violations - my favourite, that I've
been campaigning against (with no success) for over a decade, is that a full
listen backlog queue causes a RST, when instead it should cause no traffic.
(i.e. a SYN arriving at a socket that has all its backlog queue filled with
connections waiting to be accepted, should be ignored - but Windows sends a
RST incorrectly instead).

This is hardly one worth getting so het up about.

Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | alun@xxxxxxxxxx
Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
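
The SYN, SYN-ACK, ACK, RST sequence described in the reply above, reproduced on loopback together with a client that treats a successful connect() as provisional until the first read works. This is an added example, not part of the original post; the helper names `start_server` and `connect_confirmed`, the `READY` banner and the server-speaks-first protocol are assumptions made for the illustration.

```python
import socket
import struct
import threading

def start_server(reject_first, banner=b"READY\r\n"):
    """Loopback listener that aborts the first `reject_first` accepted connections."""
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.bind(("127.0.0.1", 0))          # ephemeral port, constructed test setup
    lsock.listen(5)

    def serve():
        seen = 0
        while True:
            try:
                conn, _ = lsock.accept()  # handshake was already completed by the stack
            except OSError:
                return                    # listener closed
            seen += 1
            if seen <= reject_first:
                # l_onoff=1, l_linger=0: close() sends RST instead of FIN.
                # "ii" is the POSIX struct linger layout (Winsock uses two 16-bit fields).
                conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                                struct.pack("ii", 1, 0))
            else:
                conn.sendall(banner)
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return lsock

def connect_confirmed(addr, attempts=3, timeout=2.0):
    """Return (socket, first_bytes, log); retry when the peer resets after the handshake."""
    log = []
    for n in range(1, attempts + 1):
        s = socket.create_connection(addr, timeout=timeout)  # succeeds even if RST follows
        try:
            data = s.recv(64)             # first I/O is where the reset becomes visible
            if data:
                log.append((n, "confirmed"))
                return s, data, log
            log.append((n, "closed"))     # orderly FIN before any data
        except ConnectionError:           # ECONNRESET / EPIPE after SYN, SYN-ACK, ACK
            log.append((n, "reset-after-handshake"))
        s.close()
    raise ConnectionError(f"no usable connection after {attempts} attempts: {log}")

if __name__ == "__main__":
    listener = start_server(reject_first=2)
    sock, first, history = connect_confirmed(listener.getsockname())
    print(first, history)
```

The retry count is bounded so that a server which is deliberately refusing the client is not hammered indefinitely.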