LinuxQuestions.org
Old 05-09-2003, 02:08 PM   #1
acid2000
Member
 
Registered: Nov 2001
Location: Exeter, UK
Distribution: Gentoo 1.4
Posts: 243

Rep: Reputation: 30
TCP: Treason uncloaked!


TCP: Treason uncloaked! PeerIPADDRESS :4082/80 shrinks window 2373454749:2373458889. Repaired.
Out of Memory: Killed process 3056 (icecast).
Out of Memory: Killed process 3057 (icecast).
Out of Memory: Killed process 3058 (icecast).
Out of Memory: Killed process 3059 (icecast).
Out of Memory: Killed process 3060 (icecast).
TCP: Treason uncloaked! Peer IPADDRESS:3309/80 shrinks window 351852868:351858708. Repaired.
TCP: Treason uncloaked! PeerIPADDRESS :3309/80 shrinks window 351852868:351858708. Repaired.
TCP: Treason uncloaked! Peer IPADDRESS:4759/80 shrinks window 489334493:489337413. Repaired.
TCP: Treason uncloaked! PeerIPADDRESS :4759/80 shrinks window 489334493:489337413. Repaired.
TCP: Treason uncloaked! Peer IPADDRESS :4759/80 shrinks window 489334493:489337413. Repaired.

I've received some of these messages on my server. I'm doing my own investigations, but it looks like too many open TCP connections running a process out of memory. Anyone had this or know how to protect against it?
 
Old 05-16-2003, 03:22 AM   #2
acid2000
Member
 
Registered: Nov 2001
Location: Exeter, UK
Distribution: Gentoo 1.4
Posts: 243

Original Poster
Rep: Reputation: 30
bump, anyone?
 
Old 05-16-2003, 05:34 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594
In short: a result of your remote host having a buggy TCP stack and Linux protecting you.

Longer: setting up a connection between your server A and remote host B needs A and B to agree on the amount of data to be sent. In the old situation B was able to manipulate the window size w/o conversing with A. Basically that could mean B could keep readjusting the size (sliding the window size) until it reaches zero, which would mean A cannot send data, but the connection remains open. That's a nice way to do resource starvation on A :-] The messages you get are the kernel warning the remote side of the connection changed its receiving window size. In the new situation this can't happen unless A and B keep agreeing. As protection the kernel will try to time out the connection even tho the connection wasn't torn down the proper way.

Last edited by unSpawn; 05-16-2003 at 05:35 AM.
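
An added triage example, not part of the thread: it parses the two kinds of kernel lines quoted in post #1, counts window-shrink warnings per connection, and lists the OOM kills seen alongside them. The sample lines are constructed (addresses from documentation ranges, plus one line in the thread's redacted `PeerIPADDRESS :port` form), and reading the two numbers after "shrinks window" as 32-bit sequence numbers bounding the unacknowledged data is an assumption.

```python
import re
from collections import Counter

# Matches the kernel line quoted in the thread. Whitespace around the peer
# address is optional because the thread's redacted lines vary in spacing.
TREASON = re.compile(
    r"TCP: Treason uncloaked! Peer\s*(?P<peer>\S+?)\s*:(?P<pport>\d+)/(?P<lport>\d+)"
    r" shrinks window (?P<a>\d+):(?P<b>\d+)\. Repaired\."
)
OOM = re.compile(r"Out of Memory: Killed process (?P<pid>\d+) \((?P<name>[^)]+)\)")

# Constructed sample input; not taken from a real host.
SAMPLE = """\
TCP: Treason uncloaked! Peer 192.0.2.10:4082/80 shrinks window 2373454749:2373458889. Repaired.
Out of Memory: Killed process 3056 (icecast).
TCP: Treason uncloaked! Peer 198.51.100.7:4759/80 shrinks window 489334493:489337413. Repaired.
TCP: Treason uncloaked! Peer 198.51.100.7:4759/80 shrinks window 489334493:489337413. Repaired.
TCP: Treason uncloaked! Peer 198.51.100.7:4759/80 shrinks window 489334493:489337413. Repaired.
TCP: Treason uncloaked! PeerIPADDRESS :3309/80 shrinks window 4294967000:704. Repaired.
""".splitlines()


def summarize(lines, repeat_threshold=3):
    """Count window-shrink warnings per (peer, peer port, local port) and collect OOM kills."""
    per_conn, span, oom = Counter(), {}, []
    for line in lines:
        m = TREASON.search(line)
        if m:
            key = (m["peer"], int(m["pport"]), int(m["lport"]))
            per_conn[key] += 1
            # Assumption: both values are 32-bit sequence numbers, so the
            # distance between them is taken modulo 2**32 to survive wraparound.
            span[key] = (int(m["b"]) - int(m["a"])) % 2**32
            continue
        m = OOM.search(line)
        if m:
            oom.append((int(m["pid"]), m["name"]))
    # Connections warned about repeatedly are stuck, not just briefly stalled.
    repeated = sorted(k for k, n in per_conn.items() if n >= repeat_threshold)
    return {"per_conn": dict(per_conn), "span": span, "oom": oom, "repeated": repeated}


if __name__ == "__main__":
    for name, value in summarize(SAMPLE).items():
        print(name, value)
```

Connections listed under `repeated` are the ones to compare against the server's open-connection count, since the thread ties the memory pressure to connections that stay open without making progress.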
 
Old 10-13-2003, 11:07 PM   #4
yluck
LQ Newbie
 
Registered: Oct 2003
Posts: 1

Rep: Reputation: 0
The same problem. Was it a DoS attack?
 
All times are GMT -5. The time now is 08:52 AM.