"Corrupted MAC on input. Packet Corrupt" on file transfer over SSH, SCP, and FTP on Linux Server

help on this would be great.

Specs:

LAMP server Linux OS - Debian 5.0.1 4x Intel(R) Xeon(TM) CPU 2.80GHz

Important Packages:

  • openssl - SSL security
  • iptables - firewall to block all requests except what's permitted
  • phpmyadmin - to make things easier
  • ntp

We didn't use to have a problem with this and we don't know exactly when it happened or the details about what was changed when it happened. But we did do an update and this issue seems to have started and corresponds with the update. But any time I try to transfer large files from the server (i.e. The sites root folder for a backup) to my machine for example, over SSH and SCP I get the following:

"Corrupted MAC on input. Disconnecting: Packet corrupt"

  • This happens when I use SCP to copy them over. First it stalls then it give the error above.
  • If I try FTP, it gets to about 3% and stalls completely, including the FTP program.

I dont know exactly what could be the problem here. I feel like it would either have something to do with HMAC or HMAC2 or With the network card or software. Any thoughts?


Solution 1:

My thoughts:

On-the wire level errors should be eliminated by the Ethernet and TCP checksums. It is possible that corrupted Ethernet frame / IP packet could slip now and then up to the higher levels of the networking stack, but it really isn't very probable and definitely shouldn't lead to a repeatable issue. Therefore I see two main possibilities:

1) There's somebody fooling with your transmission, modifying in-transit data so that the Ethernet/IP checksums match, but encryption layer sees rubbish, or 2) More probably, you have some hardware error, most probably CPU or RAM, that damages data after it has been taken off-the-wire. Again, ECC RAM should reduce probability of this happening, but overheating / dying CPU can play hell with data.

I don't know if TCP Offload Engine with a mis-behaving NIC/driver could produce such errors, but that line of thought could explain (changed driver?) the correlation of problems with the update.

Solution 2:

For anyone else stumbling upon this question / answer, I can attest to the fact that a faulty NIC / ethernet port (as Paweł mentions) can cause the exact issue OP has (Corrupted MAC on input). I have two ethernet ports, one of which corrupts large file transmissions when used.

Solution 3:

Stopping services like Samba, Apache and MySQL did the trick. After stopping them, the connection didn't terminate and I was able to transfer 7GB tar file without any "corrupted mac on input" error.

Log file you should tail to see the error is /var/log/secure