Hi, I saw dmesg a lot of messages like : "TCP: Treason uncloaked! Peer ip:4897/3128 shrinks window 3238709586:3238716886. Repaired." messages with different IP addresses, client IP
This is a proxy server, RH 8.0 kernel 2.4.18-18.8.0 with squid -2.4.STABLE7-4 I don' t know exactly what those lines mean ... on the net I found an explanation but it 's quite confuse for me .. >1) An "old" (read "broken") TCP stack on the receiver. The original >RFC (793 IIRC) allowed this behavior -- RFC 1122 (?) corrected this by >prohibiting the RECEIVER from >doing this. > > >2) Some mobile HTTP clients which, in order to get only the first >portion of an HTTP document, purposely(!!!) set a small initial window >size and don't allow it to move (until/if the user requests "more" of >the document, at which time they send ACK, thus reopening the window). > > >Presumably, it COULD be some lame attempt at a DOS attack; since you saw >it only twice, I would say the chance of it being 1) or 2) is >extremely close to 100%. > > >Above quoted from www.google.com > > >Stephen Hauskins >Academic Computing Group >Natural Sciences Division or just a problem with TCP stack, I not sure of that .. Any suggestions ? Thanks fabrice -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list