Consider the following scenario
You are attending a Macintosh conference where many people are using AirPort wireless to access the Internet from their laptops. For no apparent reason, many web sites are slow or fail to come up on the first attempt. Your web browser reports "connection refused" or "the connection was reset".
You may be experiencing promiscuous resets.
Someone on your LAN is running a firewall configured to Reject connection requests to port 80 (HTTP). They then decide to use a monitoring tool that sets their interface to promiscuous mode. In promiscuous mode, their firewall is rejecting all connection requests for port 80 (HTTP), not just those addressed to their machine.
When you try to access a web site, the connection request is Reset by their firewall before the remote site can respond.
IPNetSentryX includes a feature to work around this problem. When it detects a TCP Reset segment, it delays it for 0.5 seconds giving the remote site a chance to respond first. If the Reset is legitimate, it will still be delivered normally. If the remote site does respond, the Reset will be ignored since it arrives out of order.
This problem only occurs if both machines are on the same LAN segment. If they are separated by a switch, the promiscuous interface will no longer see your connection requests. Apple has also implemented a fix so that newer systems will not send promiscuous resets via AirPort.
See for yourself
You can demonstrate this behavior if you have two machines on the same LAN with IPNetSentryX. Setup one machine to reject connection requests to port 80 like this:
Next, use the TCP Dump tool to set the desired interface to promiscuous mode:
When you try to access the web from another machine on this LAN, connections will be refused.
Now enable IPNetSentryX on your other machine with a configuration that includes delaying promiscuous resets:
The match count for the Delay action increments and normal web access is restored.
IPNetSentryX provides an effective defense against hostile or misconfigured firewalls that generate promiscuous TCP resets.
Please send questions, comments, or suggestions using our general requests form:
Back to IPNetSentryX Application Notes