This may actually have nothing to do with fragmented packets. I just saw that I have the same problem you are describing when I try to post from my home. I ran wireshark on it and it looks like I'm just sending buttloads of packet re-transmissions during the HTTP POST, and eventually the webserver closes the connection before I finish the POST. If LJ has some routers which are overwhelmed and dropping packets (hence all the re-transmissions) and if LJ also turned down the timeout for HTTP requests on their webservers to avoid too many concurrent open sockets, then the webserver may just not be getting all of the packets for my HTTP POST before it hits its timeout and closes the TCP connection. That would explain why shorter posts (which are, in turn, shorter HTTP POSTs) would be more likely to succeed and succeed faster than longer ones. Maybe, like you said, the attack is coming down the same pipe that your home ISP uses to reach LJ, but not on a pipe that your school uses to reach them. I think this is the most likely problem, and sadly the solution is: wait until the attack ends, and in the mean time, post short things, or post from school. You can also retry failed posts. I had a couple that failed 3 or 4 times, and then succeeded. This would also be consistent with the theory outlined.
no subject
Date: 2007-06-03 09:00 pm (UTC)