FreeBSD ZeroWindow and Dup Ack problem
Sergey E. Ponomarev <pse@aaagroup.ru>
pse at aaagroup.ru
Sat Feb 11 08:09:09 UTC 2017
Hi,
I'm using squid 3.5.22 on FreeBSD 10.3 server with Kerberos AD Auth.
Recently, I noticed an extreamly large number of packets to and from
squid.
Tcpdump shows a lot of TCP ZeroWindow and TCP Dup Ack packages to/from
different windows hosts (see attachment, pay attention to time column).
Huge amount of small packets, It's really looks like a DOS.
I think that the DUP ACK packets should be sent with a certain delay,
but I can not find this setting.
I tried to delete all settings from /boot/loader.conf and
/etc/sysctl.conf with no luck.
Thanks for any help.
--
Best regards,
Sergey Ponomarev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2.pcap
Type: application/octet-stream
Size: 1852 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20170211/e65d0569/attachment.obj>
More information about the freebsd-questions
mailing list