PDA

View Full Version : DOS attack??

marcov8
2004-11-20, 11:37 AM
Hello

my kernel.log is full of message like this:



TCP: Treason uncloaked! Peer 83.224.64.58:45441/80 shrinks window 1250470916:1250473284. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.58:45441/80 shrinks window 1250470916:1250473284. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.58:9186/80 shrinks window 3185150969:3185170713. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.55:14186/80 shrinks window 873020086:873034746. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.55:37552/80 shrinks window 4023837891:4023849655. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.55:37552/80 shrinks window 4023837891:4023849655. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.57:43726/80 shrinks window 3148641324:3148652734. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.57:56587/80 shrinks window 638271512:638283701. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.57:57218/80 shrinks window 635394834:635398729. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.57:58561/80 shrinks window 640441544:640455496. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.57:58722/80 shrinks window 638960003:638969246. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.57:9112/80 shrinks window 669983381:669992230. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.57:9278/80 shrinks window 676074909:676083069. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.57:9361/80 shrinks window 679905677:679913837. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.57:9470/80 shrinks window 683552669:683562277. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.57:9534/80 shrinks window 672652962:672660757. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.57:9638/80 shrinks window 684841081:684849394. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.57:9721/80 shrinks window 676330176:676338336. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.57:9802/80 shrinks window 672739110:672747959. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.56:41642/80 shrinks window 3677415936:3677429888. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.56:41642/80 shrinks window 3677415936:3677429888. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.56:41642/80 shrinks window 3677415936:3677429888. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.56:41642/80 shrinks window 3677499920:3677501098. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.56:41642/80 shrinks window 3677499920:3677501098. Repaired.
TCP: Treason uncloaked! Peer 83.224.64.56:41642/80 shrinks window 3677499920:3677501098. Repaired.


i'm using the standard server beach kernel so i assume the TCP debugging is off.

does anyone know what Treason uncloaked means ??


Thankss
GaryK
2004-11-20, 12:00 PM
It usually means the remote host decided to shrink the TCP window size without
negotiating it with your Linux box. The message is usually informational as Linux can usually cope with this situation as it did in your situation. However it can also be the precursor to an attack so check for other indications of hacking attempts.