LinuxQuestions.org


keysorsoze 07-27-2007 09:20 PM

Possible Hack Attempts?
 
Hi! I am seeing the following errors when issuing a dmesg on my system. This is a public web server. Could this be signs of a hacker becoming successful at attempting to enter my system? What could we do to mitigate this attack? IPTABLES ban? Mod Security?

TCP: Treason uncloaked! Peer 196.47.81.126:61307/443 shrinks window 1396028922:1396028923. Repaired.
TCP: Treason uncloaked! Peer 196.47.81.126:61312/443 shrinks window 1413067280:1413067281. Repaired.
TCP: Treason uncloaked! Peer 196.47.81.126:61313/443 shrinks window 1420626703:1420626704. Repaired.
TCP: Treason uncloaked! Peer 196.47.81.126:61314/443 shrinks window 1418292719:1418292720. Repaired.
TCP: Treason uncloaked! Peer 196.47.81.126:61339/443 shrinks window 1496596192:1496596193. Repaired.
TCP: Treason uncloaked! Peer 196.47.81.126:61339/443 shrinks window 1496596192:1496596193. Repaired.
TCP: Treason uncloaked! Peer 196.47.81.126:61391/443 shrinks window 1709960587:1709960588. Repaired.
TCP: Treason uncloaked! Peer 196.47.81.126:61391/443 shrinks window 1709960587:1709960588. Repaired.
TCP: Treason uncloaked! Peer 196.47.81.126:61526/443 shrinks window 2008149136:2008149137. Repaired.
ERROR: SCSI host `cciss' has no error handling
ERROR: This is not a safe way to run your SCSI host
ERROR: The error handling must be added to this driver

Call Trace:<ffffffffa000359f>{:scsi_mod:scsi_host_alloc+143} <ffffffffa002df17>{:cciss:cciss_proc_write+372}
<ffffffff80178b8c>{filp_open+106} <ffffffff801ad238>{proc_file_write+37}
<ffffffff801796c0>{vfs_write+207} <ffffffff801797a8>{sys_write+69}
<ffffffff8011026a>{system_call+126}
scsi0 : cciss
Vendor: HP Model: C5683A Rev: P306
Type: Sequential-Access ANSI SCSI revision: 03
st: Version 20040403, fixed bufsize 32768, s/g segs 256
Attached scsi tape st0 at scsi0, channel 0, id 0, lun 0
st0: try direct i/o: yes (alignment 512 B), max page reachable by HBA 4503599627370495
TCP: Treason uncloaked! Peer 213.181.91.242:63829/80 shrinks window 889952142:889953340. Repaired.


Thanks for the help

Simon Bridge 07-27-2007 09:33 PM

ERROR: SCSI host `cciss' has no error handling
ERROR: This is not a safe way to run your SCSI host
ERROR: The error handling must be added to this driver
... adding error handling to the driver may be a good step.

Any reason you cannot just drop packets from the following IPs?
196.47.81.126 (196.47.81.0/24 maybe)
213.181.91.242 (213.181.91.0/24 maybe)

Hmmm... for a good explanation:
http://www.linuxquestions.org/questi...d.php?t=127984

keysorsoze 07-27-2007 09:40 PM

Yes, dropping the IP addresses is not a problem, I just wanted to confirm that this is indeed some malicious intent being performed. Thank you for the reply. I'll take some steps to use IP Tables to drop/ban these addresses and resolve the SCSI driver issue.

unSpawn 07-28-2007 03:49 AM

Could this be signs of a hacker becoming successful at attempting to enter my system?
No. It's just the kernel telling you (message of informational level) it discovered a change in window size and corrected it. You could have found the answer if you searched LQ.
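
An added example, not part of any post in this thread: a small Python triage script that groups the window-shrink notices by peer so you can see how many connections and which local ports are involved before deciding whether a block is worth it. The function and field names are made up for illustration, and reading the fields as peer port/local port and oldest-unacknowledged:next-to-send sequence numbers is an assumption; the sample lines are copied from the first post.

```python
import re
from collections import defaultdict

# Layout as printed in the dmesg output in this thread (field meaning assumed):
#   Peer <ip>:<peer port>/<local port> shrinks window <seq>:<seq>. Repaired.
NOTICE = re.compile(
    r"TCP: Treason uncloaked! Peer (\d{1,3}(?:\.\d{1,3}){3}):(\d+)/(\d+) "
    r"shrinks window (\d+):(\d+)\. Repaired\."
)

# Sample lines copied from the first post, plus one unrelated kernel line.
SAMPLE = [
    "TCP: Treason uncloaked! Peer 196.47.81.126:61307/443 shrinks window 1396028922:1396028923. Repaired.",
    "TCP: Treason uncloaked! Peer 196.47.81.126:61339/443 shrinks window 1496596192:1496596193. Repaired.",
    "TCP: Treason uncloaked! Peer 196.47.81.126:61339/443 shrinks window 1496596192:1496596193. Repaired.",
    "ERROR: SCSI host `cciss' has no error handling",
    "TCP: Treason uncloaked! Peer 213.181.91.242:63829/80 shrinks window 889952142:889953340. Repaired.",
]

def summarize(lines):
    """Group window-shrink notices by peer IP; other kernel lines are skipped."""
    peers = defaultdict(lambda: {"events": 0, "connections": set(),
                                 "local_ports": set(), "max_unacked": 0})
    for line in lines:
        m = NOTICE.search(line)
        if m is None:
            continue
        ip = m.group(1)
        peer_port, local_port, una, nxt = (int(g) for g in m.groups()[1:])
        entry = peers[ip]
        entry["events"] += 1
        entry["connections"].add((peer_port, local_port))
        entry["local_ports"].add(local_port)
        # Assumption: the pair is oldest-unacknowledged:next-to-send, so the
        # difference (mod 2**32, sequence numbers wrap) is the data in flight.
        entry["max_unacked"] = max(entry["max_unacked"], (nxt - una) % 2**32)
    return dict(peers)

if __name__ == "__main__":
    # Reads the embedded sample; feed it real `dmesg` lines the same way.
    for ip, e in sorted(summarize(SAMPLE).items()):
        print(f"{ip}: {e['events']} notices, {len(e['connections'])} connections, "
              f"local ports {sorted(e['local_ports'])}, max unacked {e['max_unacked']} bytes")
```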

