Help - Search - Members - Calendar
Full Version: Looking for a explanation on this.
The Planet Forums > System Administration > Network
thedude
Feb 12 2008, 10:30 AM
I have quite a few of these lately in my dmesg logs.


CODE
TCP: Treason uncloaked! Peer 80.135.111.79:1074/8060 shrinks window 2503804167:2503810467. Repaired.
TCP: Treason uncloaked! Peer 80.135.111.79:1074/8060 shrinks window 2504056167:2504068767. Repaired.
TCP: Treason uncloaked! Peer 80.135.111.79:1074/8060 shrinks window 2504238867:2504248947. Repaired.
TCP: Treason uncloaked! Peer 80.135.111.79:1074/8060 shrinks window 2506753827:2506765167. Repaired.
TCP: Treason uncloaked! Peer 80.135.111.79:1074/8060 shrinks window 2507555187:2507565267. Repaired.
TCP: Treason uncloaked! Peer 80.135.111.79:1074/8060 shrinks window 2508055407:2508064227. Repaired.
TCP: Treason uncloaked! Peer 80.135.111.79:1074/8060 shrinks window 2508283467:2508296067. Repaired.
TCP: Treason uncloaked! Peer 80.135.111.79:1074/8060 shrinks window 2510217567:2510231427. Repaired.
TCP: Treason uncloaked! Peer 80.135.111.79:1074/8060 shrinks window 2510483427:2510494767. Repaired.
TCP: Treason uncloaked! Peer 80.135.111.79:1074/8060 shrinks window 2510860167:2510874027. Repaired.
TCP: Treason uncloaked! Peer 80.135.111.79:1074/8060 shrinks window 2511404487:2511418347. Repaired.


I've done some googling, and what I know so far, is it is the remote computer shrinking the TCP window without negotiating with the linux box.

I've heard things from this might be some sort of a DOS attack, to someone overtuning their TCP connections etc etc.

I'm curious as to if anyone out there has a really good explanation as to what this means, and should the IP be blocked.

8060 is a port that I have a shoutcast server running on.
Tomy Durden
Feb 12 2008, 01:10 PM
Either someone's NAT is setup wonky or someone is trying to dos by SYN flood. It could also be that the remote host is suffering from a MITM attack. I'd say email abuse@t-ipnet.de with the logs and they'll notify the admin of the machine.
thedude
Feb 12 2008, 01:17 PM
hmmm..

well if it is a DOS attack they doing a sucky job at it...no performance loss on my end..lol
markcausa
Feb 13 2008, 12:17 AM
QUOTE (thedude @ Feb 12 2008, 11:17 AM) *
well if it is a DOS attack they doing a sucky job at it...no performance loss on my end..lol

Haha, you're right!
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.