Description
Hi, we have had lots of the connections described below originating from cn-domains in the last few days.
We use juggernaut2 which uses socket-io (0.7.7) for its connection management.
For a couple of days, connections on our hosts have kept resetting every other minute.
After some packet capturing, I found that this connection loss is always preceded by a connection from another host.
Please see this image for details:
https://img.skitch.com/20110706-j2mtndgphypuss2kq7dpy9rrnq.png
The packets until #64 are regular stuff during my websocket connection. My IP is 79.253.18.81, the IP of the server interface is 10.228.214.111.
At packet #65 the host 212.92.202.48 (~dns1.metronet.hr) starts a connection and in #68 asks me kindly to connect to 205.188.251.36:443 (imauth-p02a.blue.icq.net). If I understand it right, someone is looking for an anonymous proxy.
In packet #70 our server starts to FIN the connection - which is probably a good thing to do, but
in #74 my client connection gets a FIN too, which leads to a reconnect on my client side.
If I connected more websocket clients at that time, all of them would
be reset.
I should mention that the socket-io-traffic uses SSL encryption.
For now, I just marked this foreign IP address in iptables, but this
is of course not a solution.
Thank you for any thoughts on this
--Frank
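
One way to recognise the kind of probe described in this report and answer it on the offending socket only, added here as an example and not taken from socket.io, juggernaut or the original post. It assumes the request in packet #68 was an HTTP CONNECT and that the server is a Node `http`/`https` server; `classifyRequestLine` and `rejectProxyProbes` are hypothetical names.

```javascript
// Added example; not socket.io or juggernaut code. All names are hypothetical.

// Classify an HTTP request line. Proxy probes show up as CONNECT with a
// host:port target, or as any method with an absolute-URI target.
function classifyRequestLine(line) {
  const m = /^([A-Z]+) (\S+) HTTP\/1\.[01]$/.exec(line.trim());
  if (!m) return 'malformed';
  const [, method, target] = m;
  if (method === 'CONNECT') return 'proxy-connect';
  if (/^[a-z][a-z0-9+.-]*:\/\//i.test(target)) return 'proxy-absolute-uri';
  return 'normal';
}

// Attach to a Node http/https Server (anything with .on() works for testing).
// Node emits 'connect' for each CONNECT request; the handler answers and
// closes only the socket that sent it, and logs the source for review.
function rejectProxyProbes(server, log = console.warn) {
  server.on('connect', (req, socket) => {
    log(`proxy probe from ${socket.remoteAddress}: CONNECT ${req.url}`);
    socket.end('HTTP/1.1 405 Method Not Allowed\r\nConnection: close\r\n\r\n');
  });
  // Unparseable requests: reply 400 on that socket only, as the Node docs suggest.
  server.on('clientError', (err, socket) => {
    if (err.code === 'ECONNRESET' || !socket.writable) return;
    socket.end('HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n');
  });
  return server;
}

// Constructed sample request lines (the first is modelled on packet #68,
// assuming it was an HTTP CONNECT).
const SAMPLE_LINES = [
  'CONNECT 205.188.251.36:443 HTTP/1.1',
  'GET http://example.com/ HTTP/1.1',
  'GET /socket.io/1/websocket/abc123 HTTP/1.1',
];
for (const line of SAMPLE_LINES) {
  console.log(classifyRequestLine(line).padEnd(20), line);
}
```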