The "state" field of ra output
Russell Fulton
r.fulton at auckland.ac.nz
Mon Oct 21 23:31:52 EDT 2002
On Tue, 2002-10-22 at 15:56, Andrew Pollock wrote:
> On Tue, Oct 22, 2002 at 03:44:46PM +1300, Russell Fulton wrote:
>
> [snip]
>
> > Not exactly, a RST in the status field says that that the session was
> > terminated by an RST. I.e. it may have been established and transferred
> > 100MB of data via scp and then terminated by a RST rather than an FIN.
>
> This part of the ra manpage may need clarification:
>
> Thu 12/29 06:40:32 tcp 132.3.31.15.6200 <| 12.23.14.77.25 RST
> This tcp transaction from the smtp port of host
> 12.23.14.77 was RESET, indicating that the transaction was
> denied.
ummmm... this is accurate in so far as it goes. For SMTP and some other
protocols a RESET from the server is a fairly good indication that the
service was denied. As a general rule it is not so hot.
--
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand
"It aint necessarily so" - Gershwin
More information about the argus
mailing list