Results 1 to 3 of 3
  1. #1
    Join Date
    Oct 2003
    Location
    Hanoi
    Posts
    4,309

    TCP: Treason uncloaked

    Hello

    one of our servers seems under attack. In dmesg, it shows

    TCP: Treason uncloaked! Peer 203.113.161.127:1377/80 shrinks window 1801780131:1801784427. Repaired.
    TCP: Treason uncloaked! Peer 161.57.231.33:2622/80 shrinks window 2655921439:2655933284. Repaired.
    TCP: Treason uncloaked! Peer 203.113.162.154:1275/80 shrinks window 224138556:224141588. Repaired.
    TCP: Treason uncloaked! Peer 203.113.162.154:1275/80 shrinks window 224218580:224220348. Repaired.

    I have suspended the account under attack, but is there anyway to protect from this kind of attack?

    thanks

  2. #2
    Join Date
    Oct 2003
    Location
    Long Island, New York
    Posts
    220
    This seems possibly indicitive of an attack, however it looks more like a malfunctioning IP stack. I don't see how you could relate this to a particular vhost or user account.. Can you explain more about how you did that?
    TWSites.com - Business Web Hosting Solutions & Server Management Since 2003

  3. #3
    That is completely harmless. Ignore it, and turn off the warning message.
    Dr. Colin Percival, FreeBSD Security Officer
    Online backups for the truly paranoid: http://www.tarsnap.com/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •