need help what these kernel message means May 29 11:21:28 ephlodur kernel: TCP: Treason uncloaked! Peer 69.17.187.159:6881/26139 shrinks window 2001025157:2001025159. Repaired. May 29 11:21:29 ephlodur kernel: TCP: Treason uncloaked! Peer 69.17.187.159:6881/26139 shrinks window 2001025157:2001025159. Repaired. thanks |__|___|___|__\\|// - ?__|___|_____|___|_____| |__|___|___|__(o o)______|___|_____|___|_____| |__|___|___oOOO(_)OOOo____|___|_____|___|_____| email : ephlodur@rocketmail.com What we need is Awareness we can't get carelless. __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new Resources site http://smallbusiness.yahoo.com/resources/
The Sunday 2005-05-29 at 08:31 -0700, MindBender wrote:
need help what these kernel message means
May 29 11:21:28 ephlodur kernel: TCP: Treason uncloaked! Peer 69.17.187.159:6881/26139 shrinks window 2001025157:2001025159. Repaired. May 29 11:21:29 ephlodur kernel: TCP: Treason uncloaked! Peer 69.17.187.159:6881/26139 shrinks window 2001025157:2001025159. Repaired.
I dunno. But grepping finds the only "Treason" reference in '/usr/src/linux/net/ipv4/tcp_timer.c': static void tcp_retransmit_timer(struct sock *sk) { struct tcp_sock *tp = tcp_sk(sk); if (!tp->packets_out) goto out; BUG_TRAP(!skb_queue_empty(&sk->sk_write_queue)); if (!tp->snd_wnd && !sock_flag(sk, SOCK_DEAD) && !((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV))) { /* Receiver dastardly shrinks window. Our retransmits * become zero probes, but we should not timeout this * connection. If the socket is an orphan, time it out, * we cannot allow such beasts to hang infinitely. */ #ifdef TCP_DEBUG if (net_ratelimit()) { struct inet_sock *inet = inet_sk(sk); printk(KERN_DEBUG "TCP: Treason uncloaked! Peer %u.%u.%u.%u:%u/%u shrinks window %u:%u. Repaired.\n", NIPQUAD(inet->daddr), htons(inet->dport), inet->num, tp->snd_una, tp->snd_nxt); } #endif ... You can read a bit of programmer's humour if you read the next coment ;-) -- Cheers, Carlos Robinson
Hi Carlos,
Thanks fro the reply.. but I'm still confuse at what
cause these message to appear ... I have google aroun
a bit.. but nothing to what cause them, how to prevent
it ..
thks
--- "Carlos E. R."
The Sunday 2005-05-29 at 08:31 -0700, MindBender wrote:
need help what these kernel message means
May 29 11:21:28 ephlodur kernel: TCP: Treason uncloaked! Peer 69.17.187.159:6881/26139 shrinks window 2001025157:2001025159. Repaired. May 29 11:21:29 ephlodur kernel: TCP: Treason uncloaked! Peer 69.17.187.159:6881/26139 shrinks window 2001025157:2001025159. Repaired.
I dunno. But grepping finds the only "Treason" reference in '/usr/src/linux/net/ipv4/tcp_timer.c':
static void tcp_retransmit_timer(struct sock *sk) { struct tcp_sock *tp = tcp_sk(sk);
if (!tp->packets_out) goto out;
BUG_TRAP(!skb_queue_empty(&sk->sk_write_queue));
if (!tp->snd_wnd && !sock_flag(sk, SOCK_DEAD) && !((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV))) { /* Receiver dastardly shrinks window. Our retransmits * become zero probes, but we should not timeout this * connection. If the socket is an orphan, time it out, * we cannot allow such beasts to hang infinitely. */ #ifdef TCP_DEBUG if (net_ratelimit()) { struct inet_sock *inet = inet_sk(sk); printk(KERN_DEBUG "TCP: Treason uncloaked! Peer %u.%u.%u.%u:%u/%u shrinks window %u:%u. Repaired.\n", NIPQUAD(inet->daddr), htons(inet->dport), inet->num, tp->snd_una, tp->snd_nxt); } #endif ...
You can read a bit of programmer's humour if you read the next coment ;-)
-- Cheers, Carlos Robinson
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
|__|___|___|__\\|// - ?__|___|_____|___|_____| |__|___|___|__(o o)______|___|_____|___|_____| |__|___|___oOOO(_)OOOo____|___|_____|___|_____| email : ephlodur@rocketmail.com What we need is Awareness we can't get carelless. __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new Resources site http://smallbusiness.yahoo.com/resources/
On Monday 30 May 2005 10:33 am, MindBender wrote:
Hi Carlos,
Thanks fro the reply.. but I'm still confuse at what cause these message to appear ... I have google aroun a bit.. but nothing to what cause them, how to prevent it .. thks
What are you googling for? A quick look for TCP: Treason > uncloaked! turns up tons of references explaining what is going on. Scott -- POPFile, the OpenSource EMail Classifier http://popfile.sourceforge.net/ Linux 2.6.11.4-20a-default x86_64
Hi Scott
I don't know if you have noticed most of the answer
claim it a software they have installed none really
are clamming the same software .... do you know what
cause these messages and should I worried about them
Thank for your help.
--- Scott Leighton
Hi Carlos,
Thanks fro the reply.. but I'm still confuse at what cause these message to appear ... I have google aroun a bit.. but nothing to what cause them, how to
On Monday 30 May 2005 10:33 am, MindBender wrote: prevent
it .. thks
What are you googling for? A quick look for TCP: Treason > uncloaked! turns up tons of references explaining what is going on.
Scott
-- POPFile, the OpenSource EMail Classifier http://popfile.sourceforge.net/ Linux 2.6.11.4-20a-default x86_64
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
|__|___|___|__\\|// - ?__|___|_____|___|_____| |__|___|___|__(o o)______|___|_____|___|_____| |__|___|___oOOO(_)OOOo____|___|_____|___|_____| email : ephlodur@rocketmail.com What we need is Awareness we can't get carelless. __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new Resources site http://smallbusiness.yahoo.com/resources/
MB, On Monday 30 May 2005 18:00, MindBender wrote:
Hi Scott I don't know if you have noticed most of the answer claim it a software they have installed none really are clamming the same software .... do you know what cause these messages and should I worried about them
Uh... huh... Those messages are notifications of a violation of the TCP protocol by a remote host. It's conceivable they're an attempt at a denial of service attack, but the consensus seems to be that they are probably the result of a bug. In any event, the Linux kernel is not playing along and if the intent is malicious, you will not fall prey.
Thank for your help.
Randall Schulz
On Monday 30 May 2005 6:00 pm, MindBender wrote:
Hi Scott I don't know if you have noticed most of the answer claim it a software they have installed none really are clamming the same software .... do you know what cause these messages and should I worried about them Thank for your help.
We must not be reading the same thing. The material I see points to two possible issues; 1) broken TCP/IP stack on the client machine, which would be completely out of your control unless the client machine is your machine, and, 2) possible attack attempt, which since it is not succeeding, is really only something to note unless you wish to try and pursue the attacker. Admittedly, I did not look past the first page of Google results, but I didn't see any references to recently installed new software and read nothing that would indicate that the problem is on your box, but rather it's on the client box. Scott -- POPFile, the OpenSource EMail Classifier http://popfile.sourceforge.net/ Linux 2.6.11.4-20a-default x86_64
Thansk for your reply Scott.. for now I think I will
just an eyes my logs.
--- Scott Leighton
We must not be reading the same thing. The material I see points to two possible issues;
1) broken TCP/IP stack on the client machine, which would be completely out of your control unless the client machine is your machine, and,
2) possible attack attempt, which since it is not succeeding, is really only something to note unless you wish to try and pursue the attacker.
Admittedly, I did not look past the first page of Google results, but I didn't see any references to recently installed new software and read nothing that would indicate that the problem is on your box, but rather it's on the client box.
Scott
-- POPFile, the OpenSource EMail Classifier http://popfile.sourceforge.net/ Linux 2.6.11.4-20a-default x86_64
__________________________________ Discover Yahoo! Find restaurants, movies, travel and more fun for the weekend. Check it out! http://discover.yahoo.com/weekend.html
participants (4)
-
Carlos E. R.
-
MindBender
-
Randall R Schulz
-
Scott Leighton