Re: [CentOS] "Treason uncloaked!"

2008-10-03 Thread Kenneth Porter 

Did this patch make it into the kernel for C5.2?


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] "Treason uncloaked!"

2008-09-26 Thread Chris Boyd 


On Sep 25, 2008, at 1:51 PM, Frank Cox wrote:


John R Pierce <[EMAIL PROTECTED]> wrote:

they come from random IPs all over the place.   further, the port  
they
are sent to is a shoutcast service port, so I can't exactly block  
that.


A place to start:

http://www.cymru.com/Documents/bogon-list.html


If you decide to block bogons, you MUST check back often to see what  
changes have been made to the list.  I've had hundreds of  
conversations with clueless ISPs and admins about their out of date  
lists.


Many ISPs and colocation shops already drop bogons in any case.

--Chris
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] "Treason uncloaked!"

2008-09-25 Thread Jim Perrin 
On Thu, Sep 25, 2008 at 6:24 PM, Ralph Angenendt <[EMAIL PROTECTED]> wrote:

> No, you can't. Those messages turn up in the kernel ring buffer (aka dmesg). I
> don't find anything in the rsyslog (or rklogd) manual page on filtering or
> redirecting those.
>
> I might be wrong, but ...

It's entirely possible that I'm confusing rsyslog versions here, but I
was under the impression that this could be filtered with '$ModLoad
imklog' and then redirecting the regex'd statements elsewhere. It
would not affect what shows up in dmesg exactly, but would provide a
way to clean up other logging.


-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] "Treason uncloaked!"

2008-09-25 Thread Ralph Angenendt 
Jim Perrin wrote:
> On Thu, Sep 25, 2008 at 5:15 AM, John R Pierce <[EMAIL PROTECTED]> wrote:
>> got a centos5.2 web/database server thats on a public coloc, its dmesg
>> fills
>> up with
>> TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window
>> 3243232020:3243237180. Repaired.
>>
>> I know thats because of random bogosity coming in from the internet, and I
>> really don't care.   can I suppress that from filling up the dmesg buffer 
>> so I can see more important things like scsi soft errors?
> 
> You can filter these messages to their own log when using rsyslog and
> its regex features.

No, you can't. Those messages turn up in the kernel ring buffer (aka dmesg). I
don't find anything in the rsyslog (or rklogd) manual page on filtering or
redirecting those.

I might be wrong, but ...

Cheers,

Ralph

pgpmtSrjU3aCW.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] "Treason uncloaked!"

2008-09-25 Thread Ross S. W. Walker 
John R Pierce wrote:
> 
> got a centos5.2 web/database server thats on a public coloc, its dmesg 
> fills up with
> 
> 
> TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window 
> 354477433:354478918. Repaired.
> TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window 
> 354477433:354478918. Repaired.
> TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window 
> 354477433:354478918. Repaired.
> TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window 
> 3243223020:3243237180. Repaired.
> TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window 
> 3243227520:3243237180. Repaired.
> TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window 
> 3243232020:3243237180. Repaired.
> 
> I know thats because of random bogosity coming in from the internet, and 
> I really don't care.   can I suppress that from filling up the dmesg 
> buffer so I can see more important things like scsi soft errors?

You could try turning TCP window scaling off which should stop that
part of the stack from executing.

How much it will affect the network performance of your box depends
on the clients connecting to it...

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] "Treason uncloaked!"

2008-09-25 Thread Frank Cox 
On Thu, 25 Sep 2008 11:30:36 -0700
John R Pierce <[EMAIL PROTECTED]> wrote:

> they come from random IPs all over the place.   further, the port they 
> are sent to is a shoutcast service port, so I can't exactly block that.  

A place to start:

http://www.cymru.com/Documents/bogon-list.html

-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
DRY CLEANER BUSINESS FOR SALE ~ http://www.canadadrycleanerforsale.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] "Treason uncloaked!"

2008-09-25 Thread Jim Perrin 
On Thu, Sep 25, 2008 at 5:15 AM, John R Pierce <[EMAIL PROTECTED]> wrote:
> got a centos5.2 web/database server thats on a public coloc, its dmesg fills
> up with
>
>
> TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window
> 354477433:354478918. Repaired.
> TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window
> 354477433:354478918. Repaired.
> TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window
> 354477433:354478918. Repaired.
> TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window
> 3243223020:3243237180. Repaired.
> TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window
> 3243227520:3243237180. Repaired.
> TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window
> 3243232020:3243237180. Repaired.
>
> I know thats because of random bogosity coming in from the internet, and I
> really don't care.   can I suppress that from filling up the dmesg buffer so
> I can see more important things like scsi soft errors?


You can filter these messages to their own log when using rsyslog and
its regex features. I'm not sure how much performance impact you'd
take from it, but unless you're a really high-traffic site, it should
be just fine.

-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] "Treason uncloaked!"

2008-09-25 Thread John R Pierce 

Frank Cox wrote:

On Thu, 25 Sep 2008 02:15:01 -0700
John R Pierce <[EMAIL PROTECTED]> wrote:

  
I know thats because of random bogosity coming in from the internet, and 
I really don't care.   can I suppress that from filling up the dmesg 
buffer so I can see more important things like scsi soft errors?




Block the ip addresses where it's coming from with iptables or something.

  



they come from random IPs all over the place.   further, the port they 
are sent to is a shoutcast service port, so I can't exactly block that.  
___

CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] "Treason uncloaked!"

2008-09-25 Thread Frank Cox 
On Thu, 25 Sep 2008 02:15:01 -0700
John R Pierce <[EMAIL PROTECTED]> wrote:

> I know thats because of random bogosity coming in from the internet, and 
> I really don't care.   can I suppress that from filling up the dmesg 
> buffer so I can see more important things like scsi soft errors?


Block the ip addresses where it's coming from with iptables or something.



-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
DRY CLEANER BUSINESS FOR SALE ~ http://www.canadadrycleanerforsale.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos