[nos-bbs] FTP wierd socket from domain.txt

Jay Nugent jjn at nuge.com
Sat May 26 14:24:03 EDT 2007 

Greetings,

On Fri, 25 May 2007, (Skip) K8RRA wrote:

> I can use some help in tying this all together...
> 
> Yesterday I reported the FTP anomaly - today I've dug myself into a
> hole.
> 
> I have traced the strange IP 206.112.100.132 back into the domain.txt
> file of my neighbor.  It belongs to the domain "rtimer.ampr.org".  There
> are four entries for this domain that seems senseless?  

   Really????  What are they?

   # host 206.112.100.132
     132.100.112.206.in-addr.arpa is an alias for 132.128.100.112.206.in-addr.arpa.
     132.128.100.112.206.in-addr.arpa domain name pointer unknown.

   Looks like the DNS 'ptr' record points to another record which then 
points to no where :(

   # host rtimer.ampr.org
     Host rtimer.ampr.org not found: 3(NXDOMAIN)

   And there is no record for 'rtimer.ampr.org' -- so it is unresolvable 
back to any IP address, let alone one in the 44/8 space.

   So please fill me in as to what this has anything to do at all with 
regard to the 'rtimer' setting which controls the "IP reassembly 
time-out"?


 
> The one link that might work is that the "ip rtimer value" on my
> neighbor system is badly set (in my opinion) much too short a time
> period.

   What is it set for?  30 seconds is the default setting.

   And unless your neighbors machine is the endpoint HOST you are
connecting to, then it is mearly acting as an IP "router" and will not be
responsible to reassemble any packets sent through it.  It just takes 'em
in and spits 'em out, as is, like a good router should.

> 
> BUT
> 
> I have searched for what rtimer does, and when it times out it makes no
> sense to involve ampr.org or IP 206.112.100.132 which is part of Verison
> set of addresses.

   Very true.  So how did you come up with the idea that this timer had 
anything whatsoever to do with needing to perform a DNS resolve for an 
address?   This makes absolutely no sense.   Care to share your step by 
step anaylsis of how you came to this conclusion? 


 
> SO - Is the domain table being garaged up by a jnos bug that is tied to
> repeated time-outs of rtimer?

    Even if it were, what does it have to do with the 'rtimer' setting?

   What was your ORIGINAL problem that led you down this dark and dingy 
street of smoke and mirrors????

      --- Jay  WB8TKL
             
"Getting rid of terrorism is like getting rid of dandruff.  It cannot
 be done completely no matter how hard you try." -- Gore Vidal
+------------------------------------------------------------------------+
| Jay Nugent   jjn at nuge.com    (734)484-5105    (734)544-4326/Fax        |
| Nugent Telecommunications  [www.nuge.com]     (734)649-0851/Cell       |
|   Internet Consulting/Linux SysAdmin/Engineering & Design/ISP Reseller |
| ISP Monitoring [www.ispmonitor.net] ISP & Modem Performance Monitoring |
| Web-Pegasus    [www.webpegasus.com] Web Hosting/DNS Hosting/Shell Accts|
| LinuxNIC, Inc. [www.linuxnic.net]   Registrar of the .linux TLD        |
+------------------------------------------------------------------------+
  2:01pm  up 76 days, 10:05,  3 users,  load average: 0.13, 0.10, 0.09

More information about the nos-bbs mailing list