From owner-freebsd-questions@FreeBSD.ORG Sun Jun 29 06:58:26 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B56B337B40A for ; Sun, 29 Jun 2003 06:58:26 -0700 (PDT) Received: from mta10.adelphia.net (mta10.adelphia.net [64.8.50.202]) by mx1.FreeBSD.org (Postfix) with ESMTP id EBBEF44005 for ; Sun, 29 Jun 2003 06:58:25 -0700 (PDT) (envelope-from wmoran@potentialtech.com) Received: from potentialtech.com ([24.53.179.151]) by mta10.adelphia.net (InterMail vM.5.01.05.32 201-253-122-126-132-20030307) with ESMTP id <20030629135825.WNEF1347.mta10.adelphia.net@potentialtech.com>; Sun, 29 Jun 2003 09:58:25 -0400 Message-ID: <3EFEF081.2080405@potentialtech.com> Date: Sun, 29 Jun 2003 09:58:25 -0400 From: Bill Moran User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.3) Gecko/20030429 X-Accept-Language: en-us, en MIME-Version: 1.0 To: budsz References: <20030628175128.GA4404@kumprang.or.id> <3EFDE02C.5010003@potentialtech.com> <20030629073309.GA19024@kumprang.or.id> In-Reply-To: <20030629073309.GA19024@kumprang.or.id> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: FreeBSD-Questions Subject: Re: What's this mean? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Jun 2003 13:58:27 -0000 budsz wrote: > On Sat, Jun 28, 2003 at 02:36:28PM -0400, Bill Moran wrote: > >>in_chksum is a routine that validates the checksum of recieved network data. >>As far as I can tell from the code, that error means that the packet of data >>was three bytes shorter than it should have been. One way or the other it's >>a network problem. Could be crappy NIC or other hardware. Could be some >>sort >>of attack using invalid packets. I'm not familiar enough with that corner >>of >>the code to say for sure. >>Is this happening frequently? If you only saw the message once, you can >>probably ignore it as a network glitch, but if it's showing up often, you'd >>do well to track down the source and fix it. > > Thanks Bill for explanation. I assume if I under attack with invalid > packet of data maybe you've any advice to prevent this problem?. I'm guessing the problem is continuous. Start monitoring your network traffic with tcpdump or ethereal or whatever seems easiest for you. Search the Internet for information on short packet attacks or anything else that seems to be similar to your problem. Lock down your firewall rules in general. As I said before, I'm not expert enough to give you any specific advice on this particular issue, but standard security techniques still apply. -- Bill Moran Potential Technologies http://www.potentialtech.com