input1: USB HID v1.10 Mouse [Avocent Avocent DSRIQ-USB] on usb1:4.1
TCP: Treason uncloaked! Peer 202.174.144.226:25/42706 shrinks window 3664835727:3664841567. Repaired.
TCP: Treason uncloaked! Peer 67.113.236.101:25/40065 shrinks window
TCP: Treason uncloaked! Peer 67.113.236.101:25/46663 shrinks window 471513197:471513202. Repaired.
TCP: Treason uncloaked! Peer 67.113.236.101:25/46663 shrinks window 471513197:471513202. Repaired.

I've received some of these messages on my server. I'm doing my own investigations. Anyone had this or know how to protect against it?
You are getting DOS'ed or DDOS'ed using a fairly old and common practice. Window shrinking is not allowed in the TCP/IP specification.
I think the new kernel can handle this nastiness. There is nothing to worry about. Consider it just as a log message.
From /usr/src/linux/net/ipv4/tcp_timer.c:
	if (tp->snd_wnd == 0 && !sk->dead &&
	    !((1<<sk->state)&(TCPF_SYN_SENT|TCPF_SYN_RECV))) {
		/* Receiver dastardly shrinks window. Our retransmits
		 * become zero probes, but we should not timeout this
		 * connection. If the socket is an orphan, time it out,
		 * we cannot allow such beasts to hang infinitely.
		 */
#ifdef TCP_DEBUG
		if (net_ratelimit())
			printk(KERN_DEBUG "TCP: Treason uncloaked! Peer %u.%u.%u.%u:%u/%u shrinks window %u:%u. Repaired.\n",
			       NIPQUAD(sk->daddr), htons(sk->dport), sk->num,
			       tp->snd_una, tp->snd_nxt);
#endif
-- ( 2b || !2b)
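
For triaging these messages, the following added example (not part of the original thread or of the kernel source) parses them using the field order of the printk() format quoted above: peer address, peer port (sk->dport), local port (sk->num), then snd_una and snd_nxt. The function names are illustrative, and the sample text is the log from the first post, including its truncated entry.

```python
import re
from collections import defaultdict

# Field order follows the printk() format quoted in the thread:
# peer IP : peer port (sk->dport) / local port (sk->num), snd_una : snd_nxt.
PATTERN = re.compile(
    r"Treason uncloaked! Peer (\d+\.\d+\.\d+\.\d+):(\d+)/(\d+) "
    r"shrinks window(?: (\d+):(\d+)\. Repaired\.)?"
)

def parse(text):
    """Return one dict per message; 'unacked' is None if the entry was cut short."""
    events = []
    for m in PATTERN.finditer(text):
        ip, rport, lport, una, nxt = m.groups()
        unacked = None
        if una is not None:
            # Sequence numbers are 32-bit and wrap, so subtract modulo 2**32.
            unacked = (int(nxt) - int(una)) % 2**32
        events.append({"peer": ip, "remote_port": int(rport),
                       "local_port": int(lport), "unacked": unacked})
    return events

def summarize(events):
    """Group by (peer, peer port): message count and distinct local ports."""
    out = defaultdict(lambda: {"count": 0, "local_ports": set()})
    for e in events:
        entry = out[(e["peer"], e["remote_port"])]
        entry["count"] += 1
        entry["local_ports"].add(e["local_port"])
    return dict(out)

# Log text copied from the first post (its second entry is truncated there).
SAMPLE = """\
TCP: Treason uncloaked! Peer 202.174.144.226:25/42706 shrinks window 3664835727:3664841567. Repaired.
TCP: Treason uncloaked! Peer 67.113.236.101:25/40065 shrinks window
TCP: Treason uncloaked! Peer 67.113.236.101:25/46663 shrinks window 471513197:471513202. Repaired.
TCP: Treason uncloaked! Peer 67.113.236.101:25/46663 shrinks window 471513197:471513202. Repaired.
"""

if __name__ == "__main__":
    for (peer, port), s in summarize(parse(SAMPLE)).items():
        print(peer, port, s["count"], sorted(s["local_ports"]))
```

The `unacked` value is snd_nxt minus snd_una, the number of bytes sent to that peer but not yet acknowledged when the message was logged.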