Atomic Secure Linux
All times are UTC - 5 hours [ DST ]




 Post subject: kernel dropping lo packets
Posted: Tue Oct 25, 2011 2:06 pm
Forum Regular

Joined: Sun Mar 29, 2009 6:52 pm
Posts: 348
Hi guys.

I just got some weird messages in console from the ASL kernel. It is dropping packets from localhost.
Do you have any idea why this happens?

Regards

Code:
server kernel: nf_ct_ftp: dropping packetIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=98 TOS=0x00 PREC=0x00 TTL=64 ID=45119 DF PROTO=TCP SPT=21 DPT=50095 SEQ=2032118751 ACK=2029890080 WINDOW=256 RES=0x00 ACK PSH URGP=0 OPT (0101080A1A6E1EEF1A6E1EEF) UID=0 GID=0

Message from syslogd@ at Tue Oct 25 17:55:32 2011 ...
server kernel: nf_ct_ftp: dropping packetIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=98 TOS=0x00 PREC=0x00 TTL=64 ID=45120 DF PROTO=TCP SPT=21 DPT=50095 SEQ=2032118751 ACK=2029890080 WINDOW=256 RES=0x00 ACK PSH URGP=0 OPT (0101080A1A6E1FC41A6E1EEF) UID=0 GID=0

Message from syslogd@ at Tue Oct 25 17:55:33 2011 ...
server kernel: nf_ct_ftp: dropping packetIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=98 TOS=0x00 PREC=0x00 TTL=64 ID=45121 DF PROTO=TCP SPT=21 DPT=50095 SEQ=2032118751 ACK=2029890080 WINDOW=256 RES=0x00 ACK PSH URGP=0 OPT (0101080A1A6E216E1A6E1EEF) UID=0 GID=0

Message from syslogd@ at Tue Oct 25 17:55:33 2011 ...
server kernel: nf_ct_ftp: dropping packetIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=98 TOS=0x00 PREC=0x00 TTL=64 ID=45122 DF PROTO=TCP SPT=21 DPT=50095 SEQ=2032118751 ACK=2029890080 WINDOW=256 RES=0x00 ACK PSH URGP=0 OPT (0101080A1A6E24C21A6E1EEF) UID=0 GID=0

Message from syslogd@ at Tue Oct 25 17:55:33 2011 ...
server kernel: nf_ct_ftp: dropping packetIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=98 TOS=0x00 PREC=0x00 TTL=64 ID=45123 DF PROTO=TCP SPT=21 DPT=50095 SEQ=2032118751 ACK=2029890080 WINDOW=256 RES=0x00 ACK PSH URGP=0 OPT (0101080A1A6E2B7A1A6E1EEF) UID=0 GID=0

Message from syslogd@ at Tue Oct 25 17:55:35 2011 ...
server kernel: nf_ct_ftp: dropping packetIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=98 TOS=0x00 PREC=0x00 TTL=64 ID=45124 DF PROTO=TCP SPT=21 DPT=50095 SEQ=2032118751 ACK=2029890080 WINDOW=256 RES=0x00 ACK PSH URGP=0 OPT (0101080A1A6E39081A6E1EEF) UID=0 GID=0

Message from syslogd@ at Tue Oct 25 17:55:42 2011 ...
server kernel: nf_ct_ftp: dropping packetIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=98 TOS=0x00 PREC=0x00 TTL=64 ID=45125 DF PROTO=TCP SPT=21 DPT=50095 SEQ=2032118751 ACK=2029890080 WINDOW=256 RES=0x00 ACK PSH URGP=0 OPT (0101080A1A6E54171A6E1EEF) UID=0 GID=0

Message from syslogd@ at Tue Oct 25 17:55:45 2011 ...
server kernel: nf_ct_ftp: dropping packetIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=112 TOS=0x00 PREC=0x00 TTL=64 ID=45127 DF PROTO=TCP SPT=21 DPT=50095 SEQ=2032118751 ACK=2029890086 WINDOW=256 RES=0x00 ACK PSH URGP=0 OPT (0101080A1A6E5FD31A6E5C2B) UID=0 GID=0

_________________
Hello IT.
Phone : Blah Blah ....
Have you tried turning it on and off again ?
Phone : Blah Blah ....
....
I'm sorry, are you from the Past ?!
http://www.youtube.com/watch?v=-E4fm4Wqego


 Post subject: Re: kernel dropping lo packets
Posted: Tue Oct 25, 2011 7:08 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7458
Location: earth
Firewall rule change? nf_ == netfilter (which is managed by iptables)


 
 Post subject: Re: kernel dropping lo packets
Posted: Tue Oct 25, 2011 7:20 pm
Forum Regular

Joined: Sun Mar 29, 2009 6:52 pm
Posts: 348
scott wrote:
Firewall rule change? nf_ == netfilter (which is managed by iptables)


I have an
Quote:
iptables -A INPUT -i lo -j ACCEPT


I have never seen this error before. I have no idea what triggered it...! Didn't see it again after this incident ...

 
 Post subject: Re: kernel dropping lo packets
Posted: Wed Oct 26, 2011 10:22 am
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7458
Location: earth
Well, it's coming from a process running on the system trying to ftp back to itself. That's kind of odd in itself.


 
 Post subject: Re: kernel dropping lo packets
Posted: Wed Oct 26, 2011 4:46 pm
Forum Regular

Joined: Sun Mar 29, 2009 6:52 pm
Posts: 348
scott wrote:
Well, it's coming from a process running on the system trying to ftp back to itself. That's kind of odd in itself.


It's not odd.
Joomla sites especially use the FTP layer and connect to FTP all the time. So seeing connections from 127.0.0.1 to 127.0.0.1 seems normal.

 
 Post subject: Re: kernel dropping lo packets
Posted: Tue Dec 20, 2011 1:11 am
Forum Regular

Joined: Wed Aug 04, 2010 2:52 pm
Posts: 257
WordPress does it too.


 
 Post subject: Re: kernel dropping lo packets
Posted: Tue Dec 20, 2011 12:31 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3264
Location: Chantilly, VA
Quote:
server kernel: nf_ct_ftp: dropping packetIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=112 TOS=0x00 PREC=0x00 TTL=64 ID=45127 DF PROTO=TCP SPT=21 DPT=50095 SEQ=2032118751 ACK=2029890086 WINDOW=256 RES=0x00 ACK PSH URGP=0 OPT (0101080A1A6E5FD31A6E5C2B) UID=0 GID=0


So that's an ACK, PSH, URG packet. That's generally sent from one side of a connection to the other to "urgently" acknowledge a connection. They sometimes aren't necessary and get dropped because the connection has already been acked.

Is the connection working? If it is, ignore it.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.
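
Added example, not part of any post in this thread: a small Python parser for the netfilter log lines quoted above. It separates the bare TCP flag tokens from the `URGP=` (urgent pointer) field, decodes the `OPT (...)` bytes, and counts lines that repeat the same SEQ on the same connection. The function names are illustrative; the three sample lines are copied from the first post.

```python
import re
from collections import Counter
# Three of the console lines posted in the thread, copied as-is.
SAMPLE = [
    "server kernel: nf_ct_ftp: dropping packetIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=98 TOS=0x00 PREC=0x00 TTL=64 ID=45119 DF PROTO=TCP SPT=21 DPT=50095 SEQ=2032118751 ACK=2029890080 WINDOW=256 RES=0x00 ACK PSH URGP=0 OPT (0101080A1A6E1EEF1A6E1EEF) UID=0 GID=0",
    "server kernel: nf_ct_ftp: dropping packetIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=98 TOS=0x00 PREC=0x00 TTL=64 ID=45120 DF PROTO=TCP SPT=21 DPT=50095 SEQ=2032118751 ACK=2029890080 WINDOW=256 RES=0x00 ACK PSH URGP=0 OPT (0101080A1A6E1FC41A6E1EEF) UID=0 GID=0",
    "server kernel: nf_ct_ftp: dropping packetIN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=112 TOS=0x00 PREC=0x00 TTL=64 ID=45127 DF PROTO=TCP SPT=21 DPT=50095 SEQ=2032118751 ACK=2029890086 WINDOW=256 RES=0x00 ACK PSH URGP=0 OPT (0101080A1A6E5FD31A6E5C2B) UID=0 GID=0",
]
TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")

def decode_tcp_options(hexstr):
    """Walk the kind/length/value option list printed inside OPT (...)."""
    data, i, out = bytes.fromhex(hexstr), 0, []
    while i < len(data):
        kind = data[i]
        if kind == 0:                       # end of option list
            break
        if kind == 1:                       # NOP, single-byte padding
            out.append(("NOP",))
            i += 1
            continue
        length = data[i + 1] if i + 1 < len(data) else 0
        if length < 2 or i + length > len(data):
            out.append(("MALFORMED", data[i:].hex()))
            break
        body = data[i + 2:i + length]
        if kind == 8 and length == 10:      # TCP timestamps: TSval, TSecr
            out.append(("TS", int.from_bytes(body[:4], "big"), int.from_bytes(body[4:], "big")))
        else:
            out.append((kind, body.hex()))
        i += length
    return out

def parse_nf_log(line):
    """Split one netfilter log line into prefix, KEY=VALUE fields, TCP flags, options."""
    prefix, _, rest = line.partition("IN=")
    opt = re.search(r"OPT \(([0-9A-Fa-f]*)\)", rest)
    tokens = re.sub(r"OPT \([^)]*\)", "", "IN=" + rest).split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    flags = [t for t in tokens if t in TCP_FLAGS]   # bare tokens only; "ACK=..." is a field
    return {"prefix": prefix.strip(), "fields": fields, "flags": flags,
            "options": decode_tcp_options(opt.group(1)) if opt else []}

def repeated_segments(lines):
    """Count lines per (SRC, SPT, DST, DPT, SEQ); a count above 1 means the SEQ was logged again."""
    key = ("SRC", "SPT", "DST", "DPT", "SEQ")
    seen = Counter(tuple(parse_nf_log(l)["fields"][k] for k in key) for l in lines)
    return {k: n for k, n in seen.items() if n > 1}
```

On these lines the option bytes decode to two NOPs and a TCP timestamp, and all three lines carry the same SEQ on the same port pair with increasing IP IDs, which is what a retransmitted segment looks like in the log.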

