TCP: Treason uncloaked!
 

TCP: Treason uncloaked! PeerIPADDRESS :4082/80 shrinks window 2373454749:2373458889. Repaired.
Out of Memory: Killed process 3056 (icecast).
Out of Memory: Killed process 3057 (icecast).
Out of Memory: Killed process 3058 (icecast).
Out of Memory: Killed process 3059 (icecast).
Out of Memory: Killed process 3060 (icecast).
TCP: Treason uncloaked! Peer IPADDRESS:3309/80 shrinks window 351852868:351858708. Repaired.
TCP: Treason uncloaked! PeerIPADDRESS :3309/80 shrinks window 351852868:351858708. Repaired.
TCP: Treason uncloaked! Peer IPADDRESS:4759/80 shrinks window 489334493:489337413. Repaired.
TCP: Treason uncloaked! PeerIPADDRESS :4759/80 shrinks window 489334493:489337413. Repaired.
TCP: Treason uncloaked! Peer IPADDRESS :4759/80 shrinks window 489334493:489337413. Repaired.

I've recieved some of these messages on my server I'm doing my own investigations but it looks like too many open TCP connections running a process out of memory. Anyone had this or know how to protect against it?

bump, anyone?

In short: a result of your remote host having a buggy TCP stack and Linux protecting you.

Longer: setting up a connection between your server A and remote host B needs A and B to agree on the amount of data to be sent. In the old situation B was able to manipulate the windows size w/o conversing with A. Basically that could mean B could keep readjusting the size (sliding the window size) untill it reaches zero, which would mean A cannot send data, but the connection remains open. That's a nice way to do resource starvation on A :-] The messages you get are the kernel warning the remote side of the connection changed it's receiving window size. In the new situation this can't happen unless A and B keep agreeing. As protection the kernel will try to time out the connection even tho the connection wasn't torn down the proper way.

the same problem ,It's was DOS attack ?