XMPP Service Operators - 2024-03-16


  1. nuegia.net

    I'm getting a bunch of weird probes on my client port from random tmobile ip addresses

  2. nuegia.net

    tcp 0 0 us-central.xmpp-cli 172.59.73.9.1277 FIN_WAIT_2
    tcp 0 0 us-central.xmpp-cli 172.59.76.252.1276 FIN_WAIT_2
    tcp 0 0 us-central.xmpp-cli 172.59.76.252.58847 FIN_WAIT_2
    tcp 0 0 us-central.xmpp-cli 172.59.230.48.65498 FIN_WAIT_2
    tcp 0 0 us-central.xmpp-cli 172.58.57.115.28370 FIN_WAIT_2
    tcp 0 0 us-central.xmpp-cli 172.59.227.187.41931 FIN_WAIT_2
    tcp 0 0 us-central.xmpp-cli 172.59.230.48.7864 FIN_WAIT_2
    tcp 0 0 us-central.xmpp-cli 172.58.57.115.21407 FIN_WAIT_2
    tcp 0 0 us-central.xmpp-cli 172.59.231.108.24983 FIN_WAIT_2
    tcp 0 0 us-central.xmpp-cli 172.59.73.141.34961 FIN_WAIT_2
    tcp 0 0 us-central.xmpp-cli 172.58.57.115.62094 FIN_WAIT_2
    tcp 0 0 us-central.xmpp-cli 172.58.57.115.58765 FIN_WAIT_2
    tcp 0 0 us-central.xmpp-cli 172.59.76.252.14720 FIN_WAIT_2
    tcp 0 0 us-central.xmpp-cli 172.59.231.108.21622 FIN_WAIT_2
    tcp 0 0 us-central.xmpp-cli 172.59.73.141.58740 FIN_WAIT_2
    tcp 0 0 us-central.xmpp-cli 172.59.227.134.1127 FIN_WAIT_2
    tcp 0 0 us-central.xmpp-cli 172.59.227.187.8004 FIN_WAIT_2
    tcp 0 0 us-central.xmpp-cli 172.59.73.9.28226 FIN_WAIT_2
    tcp 0 0 us-central.xmpp-cli 172.59.231.108.62219 FIN_WAIT_2
    tcp 0 0 us-central.xmpp-cli 172.59.227.134.55296 FIN_WAIT_2

  3. nuegia.net

    anybody have any idea what this could be about?

  4. nuegia.net

    some kind of scan or attempted ddos?

  5. techmetx11

    nuegia.net: probably a crappy mobile client

  6. nuegia.net

    it's leaving almost 100 tcp sessions half open

  7. techmetx11

    a bad TCP implementation leaving your server hanging on FIN_WAIT_2

  8. techmetx11

    FIN_WAIT_2 is when the server wants to close the connection but the client doesn't acknowledge it

  9. techmetx11

    this only happens on the TCP layer

  10. nuegia.net

    any clue which client it could be?

  11. techmetx11

    no idea

  12. techmetx11

    might be a shit TCP implementation

  13. nuegia.net

    i don't suppose too many tcp implementations are like this, probably not android

  14. nuegia.net

    what's also really weird is that ip block is owned by tmobile, and tmobile runs an ipv6-only network

  15. Wirlaburla

    Symbian

  16. amarachi

    nuegia.net, tmobile still has ipv4, just cgnat shared. it could simply be someone driving and getting a new shared ip every few cell towers or something

  17. nuegia.net

    there's nat64 in place, but that should never be used by a tmobile customer because they have ipv6 as a first class

  18. nuegia.net

    the only time tmobile uses ipv4 is when they are roaming, but then i'd use ip addresses owned by the tower company they're roaming on

  19. amarachi

    nah, many clients will happily use ipv4 even if v6 is available

  20. nuegia.net

    so it's like somebody has forced ipv4 or is on some really really really legacy phone

  21. techmetx11

    nuegia.net: linux will automatically time out these connections

  22. techmetx11

    (kernel variable: net.ipv4.tcp_fin_timeout)

  23. techmetx11

    it also might be because their IP drops before they could properly disconnect from your XMPP server

  24. techmetx11

    here's a page describing this

  25. techmetx11

    https://pdos.csail.mit.edu/archive/manual/misc/fin_wait_2.html

  26. techmetx11

    (it's apache-related, but whatever)

  27. nuegia.net

    thanks

  28. nuegia.net

    anybody know what happened to ds.internic.net?