Minerva, the ISP of ISOC has been alerted and are working on the problem
but cannot locate exactly where is the problem, if you have any
information on where ECN packets are discarded please provide this
information to support(_at_)minerva(_dot_)net add [HelpDeskTicket=12181] at
of the subject.
I think you may have more tools htan me to locate the faulty
Thanks for helping locate the problem.
The "ECN-under-Linux Unofficial Vendor Support Page" web page
at "http://gtf.org/garzik/ecn/" lists the known vendor equipment
that has problems, with pointers to the bug-fixes provided by those
There is also an internet-draft about this problem,
"Inappropriate TCP Resets Considered Harmful", at
This was approved to become a BCP on June 11.
From draft-floyd-tcp-reset-04.txt, for background history:
Unfortunately, misconceived security concerns are one of the reasons
for the problems described in this document in the first place. An
August, 2000, article on "Intrusion Detection Level Analysis of Nmap
and Queso" described the port-scanning tool Queso as sending SYN
packets with the last two Reserved bits in the TCP header set, and
said the following: "[QUESO] is easy to identify, if you see [these
two Reserved bits and the SYN bit] set in the 13th byte of the TCP
header, you know that someone has malicious intentions for your
network." As is documented on the TBIT Web Page, the middleboxes
that block SYNs using the two ECN-related Reserved flags in the TCP
header do not block SYNs using other Reserved flags in the TCP
One lesson appears to be that anyone can effectively ``attack'' a new
TCP function simply by using that function in their publicly-
available port-scanning tool, thus causing middleboxes of all kinds
to block the use of that function.