LinuxQuestions.org
Old 12-22-2003, 01:05 AM   #1
basbosco
Member
 
Registered: Nov 2003
Posts: 33

Rep: Reputation: 15
TCP: Treason uncloaked!


Hi

I am having a problem with my Linux server.

While executing dmesg on the server I am getting an error like this.
Kindly help me to rectify the problem.

Because of this I am not able to work constantly.

Error:

TCP: Treason uncloaked! Peer 202.162.56.156:32774/80 shrinks window 4292658673:4292661409. Repaired.
TCP: Treason uncloaked! Peer 202.162.56.156:32775/80 shrinks window 4288253267:4288254350. Repaired.
TCP: Treason uncloaked! Peer 202.162.56.156:32774/80 shrinks window 4292658673:4292661409. Repaired.
TCP: Treason uncloaked! Peer 202.162.56.156:32775/80 shrinks window 4288253267:4288254350. Repaired.
TCP: Treason uncloaked! Peer 202.162.56.156:32774/80 shrinks window 4292658673:4292661409. Repaired.
TCP: Treason uncloaked! Peer 202.162.56.156:1725/110 shrinks window 2252179539:2252179580. Repaired.
TCP: Treason uncloaked! Peer 202.131.115.150:63802/80 shrinks window 3519941420:3519941680. Repaired.
TCP: Treason uncloaked! Peer 202.13


Regards
Basbosco
 
Old 12-22-2003, 02:14 AM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Hmmm, actually searching Google gave an answer to this in the very first result. You haven't looked very hard, have you?

In any case, the short answer is that it looks like someone is spoofing an IP, feigning a connection to your http and pop3 servers, then setting their window size to 0 so your daemon sits there trying to send them the data over and over (for instance, they may start a connection and immediately set their window to 0, so you cannot send back the http or pop3 connection banner message). Interestingly enough, this IP address is from unallocated space and the exact same IP shows up in other posts about the same message. I suspect it's a DoS tool that is in circulation, or the same attacker (since the IP is often the same).

You'd best set iptables to block all packets from BOGON networks (nets that shouldn't exist) so you can avoid this type of attack. You may find a list of bogon nets here. Note: unallocated nets change from time to time! Just in November IANA allocated two more blocks to RIPE, so you really need to pay attention if you're blocking all bogon IPs.
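
Added example (not part of chort's post or of the original thread): a Python sketch that tallies the "Treason uncloaked" lines per peer, notes which local ports were hit, and emits iptables DROP rules only for bogon networks that actually show up as peers. The function names, the `STATIC_BOGONS` list and the last sample line are assumptions made for illustration, as is reading the two numbers as a wrapping 32-bit sequence range.

```python
import ipaddress
import re
from collections import defaultdict

# Field order as seen in the log lines: peer IP, peer port, local port, two 32-bit numbers.
LINE_RE = re.compile(
    r"TCP: Treason uncloaked! Peer (\d+\.\d+\.\d+\.\d+):(\d+)/(\d+) "
    r"shrinks window (\d+):(\d+)\. Repaired\.")

# Special-purpose IPv4 ranges only (illustrative). Unallocated space changes
# over time, so a current bogon list should be passed in by the caller.
STATIC_BOGONS = ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
                 "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")

def parse(lines):
    """Yield (peer_ip, local_port, span) for each complete message."""
    for line in lines:
        m = LINE_RE.search(line)
        if not m:  # truncated or unrelated kernel line
            continue
        ip, _peer_port, local_port, first, second = m.groups()
        # Assumption: a sequence range; mod 2**32 because the numbers wrap.
        span = (int(second) - int(first)) % 2**32
        yield ipaddress.ip_address(ip), int(local_port), span

def summarize(lines, bogons=STATIC_BOGONS):
    nets = [ipaddress.ip_network(n) for n in bogons]
    peers = defaultdict(lambda: {"count": 0, "local_ports": set(),
                                 "max_span": 0, "bogon": None})
    for ip, local_port, span in parse(lines):
        p = peers[str(ip)]
        p["count"] += 1
        p["local_ports"].add(local_port)
        p["max_span"] = max(p["max_span"], span)
        p["bogon"] = next((str(n) for n in nets if ip in n), None)
    return dict(peers)

def drop_rules(summary):
    """iptables rules for bogon networks that actually appeared as peers."""
    nets = sorted({p["bogon"] for p in summary.values() if p["bogon"]})
    return [f"iptables -A INPUT -s {n} -j DROP" for n in nets]

P = "TCP: Treason uncloaked! Peer "
SAMPLE = [  # from the first post, except the last line, which is constructed
    P + "202.162.56.156:32774/80 shrinks window 4292658673:4292661409. Repaired.",
    P + "202.162.56.156:1725/110 shrinks window 2252179539:2252179580. Repaired.",
    P + "202.13",
    P + "10.9.8.7:40000/80 shrinks window 4294967000:200. Repaired.",
]
```

Feed it `dmesg` output line by line and review the generated rules before loading them, since a stale bogon list will drop networks that have since been allocated.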
 
Old 08-22-2007, 02:50 PM   #3
fancypiper
Guru
 
Registered: Feb 2003
Location: Sparta, NC USA
Distribution: Ubuntu 10.04
Posts: 5,141

Rep: Reputation: 57
This post contains no info

Last edited by fancypiper; 08-22-2007 at 02:51 PM. Reason: Subscribe to this post
 
Old 03-04-2008, 09:34 AM   #4
suso
LQ Newbie
 
Registered: Feb 2005
Location: Bloomington, IN
Distribution: Gentoo and Ubuntu
Posts: 2

Rep: Reputation: 0
Quote:
Originally Posted by chort
Hmmm, actually searching Google gave an answer to this in the very first result. You haven't looked very hard, have you?
How ironic, now this thread is the first result on Google. Somehow that gives basbosco purpose to posting it.
 
Old 03-04-2008, 11:24 AM   #5
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,781
Blog Entries: 1

Rep: Reputation: 412
Quote:
Originally Posted by suso
How ironic, now this thread is the first result on Google. Somehow that gives basbosco purpose to posting it.

Please leave the dead in peace. This thread is older than most LQ members and there certainly was no reason to dig it up.
 
  

