nrpe-nt not sending FIN/SYN?

Hugo van der Kooij hvdkooij at vanderkooij.org
Fri Jul 14 20:36:01 CEST 2006


On Fri, 14 Jul 2006, Andrew Ruddock wrote:

> We are running Nagios 2.2 on a linux server which sits in one dmz behind
> a Cisco Pix firewall.  The Nagios server is checking the NRPE-NT 0.8b
> client on many Windows 2000/2003 servers in another dmz.  We have a
> firewall policy that permit the Nagios server and associated NRPE port
> to connect to any host in the second dmz.
>
> Although Nagios is able to connect and receive responses from the NRPE
> clients, it appears that the connections are not being closed
> gracefully.  My firewall the Pix, is being flooded with tons of Denial
> messages.  I've done packet captures to try and isolate the problem, and
> it appears that the NRPE client is sending a frame without a FIN or SYN
> in it.  This is causing my firewall to log a LOT more than it really
> needs to.

I think I would like to see a full trace to establish who is not playing
ball here.

My guess is that a TCP connection is initiated and assumed to be open for
ages by Nagios (and relatives). But without traffic the PIX will shutdown
the session after N seconds (where N could be a common number like: 60,
300, 900 or 3600).

So in order to pass sentence we need the evidence in full.

But I would put my money on the PIX being the offender.

Hugo.

-- 
	I hate duplicates. Just reply to the relevant mailinglist.
	hvdkooij at vanderkooij.org		http://hvdkooij.xs4all.nl/
		Don't meddle in the affairs of magicians,
		for they are subtle and quick to anger.


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list