Saturday, June 2, 2018

Getting FIN,ACK outside of a connection on Amazon Dot devices but not other devices.

I have used iptables to log the number of FIN,ACKs outside an existing connection. The FIN,ACKs only occur on my Amazon Dots and not on my Harmony Hubs or other devices.

Before I show the iptables -nvL FORWARD output I would like to mention that I am using a Raspberry Pi as a repeater for my home automation (HA) devices. In other words, all of my HA devices are Wifi attached to the Raspberry Pi, running Raspbian Stretch, and the Pi is Ethernet port connected (i.e., hard-wired) to my home router.

Here is a link to the iptables -nvL FORWARD list output:
https://drive.google.com/open?id=16w5U2_BkCapyf5aKO22hva7L2wS-PRNN
or
https://pastebin.com/fLuP1msU

Now, what I am going to say should NOT be assumed to be 100% correct because... well... I make mistakes. I contend that the FIN,ACKs are outside of a valid connection because they are not picked up by previous rules in the iptables setup. The rule I contend that picks up the connectionless FIN,ACKs is nearly the last rule and starts with
3870 155K ACCEPT tcp -- wlan0 eth0

You will notice that, in this rule, I limit the rule to the address range of my Amazon Dots, which are defined in the first few rules.

So, am I interpreting correctly that my Amazon Dots are attempting to respond with a FIN,ACK over a non-existent connection? If so, is there an issue with the Amazon servers or the Amazon Dot TCP stack? Also note that I do not see any of this connectionless FIN,ACK on the other devices on the same Raspberry Pi.

Thanks
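A small parser for `iptables -nvL` output that applies the same reading the post describes, added here as an illustration and not taken from the post or its linked dump: it finds rules matching FIN,ACK (`--tcp-flags FIN,ACK FIN,ACK` prints as `tcp flags:0x11/0x11` under `-n`) that sit after the RELATED,ESTABLISHED accept, so any packet they counted belonged to no connection conntrack still knew about. The sample chain, interfaces and addresses are constructed; only the 3870 / 155K counters echo the numbers quoted above.

```python
import re

SUFFIX = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

# Constructed `iptables -nvL FORWARD` output, not the post's actual dump; only the
# 3870 / 155K counters on the FIN,ACK rule echo the numbers quoted in the post.
SAMPLE = """\
Chain FORWARD (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
 915K  812M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  412 24720 ACCEPT     tcp  --  wlan0  eth0    192.168.4.0/24       0.0.0.0/0            tcp dpt:443 ctstate NEW
 3870  155K ACCEPT     tcp  --  wlan0  eth0    192.168.4.0/24       0.0.0.0/0            tcp flags:0x11/0x11
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "FWD-DROP "
"""

def parse_counter(text):
    """'155K' -> 155000. iptables rounds when it abbreviates, so treat as approximate."""
    m = re.fullmatch(r"(\d+)([KMGT]?)", text)
    if not m:
        raise ValueError(f"bad counter: {text!r}")
    return int(m.group(1)) * SUFFIX[m.group(2)]

def parse_chain(text):
    """Return the rules of one `iptables -nvL` chain as dicts, in chain order."""
    rules = []
    for line in text.splitlines():
        fields = line.split(None, 9)          # 9 fixed columns, then the match text
        if len(fields) < 9 or not fields[0][0].isdigit():
            continue                          # skip the chain header and column header
        pkts, byts, target, prot, opt, ifin, ifout, src, dst = fields[:9]
        rules.append({"pkts": parse_counter(pkts), "bytes": parse_counter(byts),
                      "target": target, "prot": prot, "in": ifin, "out": ifout,
                      "src": src, "dst": dst,
                      "extra": fields[9] if len(fields) > 9 else ""})
    return rules

def finack_outside_connection(rules):
    """FIN,ACK rules (flags:0x11/0x11 under -n) that come *after* the
    RELATED,ESTABLISHED accept: packets counted there were not part of any
    connection conntrack still tracked when they arrived."""
    seen_established = False
    hits = []
    for idx, r in enumerate(rules):
        if r["target"] == "ACCEPT" and "ESTABLISHED" in r["extra"]:
            seen_established = True
        elif seen_established and "flags:0x11/0x11" in r["extra"]:
            hits.append((idx, r["src"], r["pkts"]))
    return hits

if __name__ == "__main__":
    for idx, src, pkts in finack_outside_connection(parse_chain(SAMPLE)):
        print(f"rule {idx}: ~{pkts} FIN,ACK packets from {src} outside any tracked connection")
```

A FIN,ACK that reaches such a rule usually means conntrack no longer had the flow (entry timed out or the table was flushed), not necessarily a broken TCP stack; adding `-m conntrack --ctstate INVALID` and a LOG target with `--log-prefix` in front of it makes the pattern visible in syslog per device.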
