Corrupted MAC on input

Damien Miller djm at mindrot.org
Mon May 3 17:37:59 EST 2004


Gert Doering wrote:

> It could either be bit errors on the line (unlikely, 'cause TCP's checksum
> should notice that) or "overly smart" NAT in the ADSL router, changing
> bits of the outgoing packets for whatever reason.

I think that many of these are likely to be dumb NAT. E.g. the
oft-reported Linksys router problem. Given that everyone is using
the same underpowered chipsets and consumer firmware from the few
large electronics manufacturers, it wouldn't be surprising if
these bugs affected several other vendors.

Could people who are seeing these problems please check their NIC
error and checksum counters to see if they are experiencing a
large number of errors?

I also wonder if any of these issues are NAT/state timeout
related. If you are suffering from this problem, try turning on the
{Client,Server}Keepalive{Count,Max} options and see if it helps.

Another possibility is bugs relating to rekeying in openssh - these
would be more likely to be triggered on long transfers or otherwise
busy connections. This can be ruled out if people can reproduce the
problem when connected with "ssh -v". This will produce a little more
output, including messages when rekeying occurs.

-d
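
The NIC error and checksum counter check requested above, as an added example that is not part of the original message. It assumes a Linux host, where the counters are exposed in /proc/net/dev and /proc/net/snmp; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (Linux only): summarize NIC and TCP error counters.

# List interfaces whose rx/tx error or rx framing counters are non-zero.
nic_errors() {
    awk 'NR > 2 {
        sub(/:/, " ")   # some kernels print "eth0:12345" with no space
        if ($4 + $7 + $12 > 0)
            printf "%s rx_errs=%s rx_frame=%s tx_errs=%s\n", $1, $4, $7, $12
    }' "${1:-/proc/net/dev}"
}

# Report TCP segments received in error and those with a bad checksum.
tcp_errors() {
    awk '$1 == "Tcp:" {
        if (!hdr) { for (i = 2; i <= NF; i++) col[$i] = i; hdr = 1; next }
        csum = ("InCsumErrors" in col) ? $(col["InCsumErrors"]) : "n/a"
        printf "InErrs=%s InCsumErrors=%s\n", $(col["InErrs"]), csum
    }' "${1:-/proc/net/snmp}"
}

# Constructed sample data so the script also runs away from the affected host.
dev_sample=$(mktemp); snmp_sample=$(mktemp)
trap 'rm -f "$dev_sample" "$snmp_sample"' EXIT
cat > "$dev_sample" <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo: 52340 410 0 0 0 0 0 0 52340 410 0 0 0 0 0 0
  eth0:98765432 76543 17 0 0 3 0 0 4567890 54321 0 0 0 0 0 0
EOF
cat > "$snmp_sample" <<'EOF'
Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
Tcp: 1 200 120000 -1 120 45 3 2 5 90210 88102 37 9 4 9
EOF

nic_errors "$dev_sample"
tcp_errors "$snmp_sample"
```

Called with no argument, each function reads the live /proc file. Taking one reading before and one after a failed session shows whether the counters moved during it.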




More information about the openssh-unix-dev mailing list