RE: [Full-disclosure] abnormal behavior Gmail logon

> Servers are supposed to send RST packets when they do that, but not all
> servers do it, and not all clients recognize those RST packets as
> indicating that the document they just downloaded is incomplete

Most of the clients do recognize and most web servers do correctly apply
use of RST and FIN for TCP/IP HTTP connection ending.

Problem is that some (most?)Proxy servers (nontransparent and probably
also transparent)  DO NOT. 

I tested 4 different proxy servers if they pass RST to client's browser
when original web server sent RST. All sent FIN instead of RST :(. (I
Did this test as I found other web apps. problems resulting from this
proxy behavior)

If anybody knows proxy which behaves 'correctly,' pls let me know.

 
Regards David Farinic 

-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk
[mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of Brian
Eaton
Sent: Wednesday, May 31, 2006 2:25 PM
To: Valdis.Kletnieks@vt.edu
Cc: full-disclosure@lists.grok.org.uk; Edward Pearson
Subject: Re: [Full-disclosure] abnormal behavior Gmail logon

On 5/31/06, Valdis.Kletnieks@vt.edu <Valdis.Kletnieks@vt.edu> wrote:
> On Wed, 31 May 2006 09:23:08 BST, Edward Pearson said:
> > This isn't abnormal or weird, It happens when your internet
connection
> > is fairly slow and its because you sometimes receive incomplete
headers
> > for the page (broken or garbled)
>
> If you have noisy hardware that's mangling data in transit, the
mangling will
> *usually* be detected by the checksums on each IP packet.  The reason
your
> connection gets slow is because if a corruption is detected, the
packet gets
> thrown out, and needs to be retransmitted by the sending system.

It is actually possible that the data sent in the HTTP connection is
getting mangled even though the TCP checksums are correct.  In one
mode of operation, HTTP allows a server to indicate when a document is
complete simply by closing a TCP connection.  If the server gets busy,
it might decide your client is just too slow to be worth dealing with
and close the connection early.  Servers are supposed to send RST
packets when they do that, but not all servers do it, and not all
clients recognize those RST packets as indicating that the document
they just downloaded is incomplete.

Regards,
Brian

  
This mail was checked for viruses by GFI MailSecurity. 
GFI also develops anti-spam software (GFI MailEssentials), a fax server (GFI 
FAXmaker), and network security and management software (GFI LANguard) - 
www.gfi.com 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/