#1 vaio1, 18th November 2009, 11:36
TCP: Treason uncloaked! DOS Attack?!?

Hi guys, why do I get this message?

Code:
TCP: Treason uncloaked! Peer 202.162.56.156:32774/80 shrinks window 4292658673:4292661409. Repaired.
TCP: Treason uncloaked! Peer 202.162.56.156:32775/80 shrinks window 4288253267:4288254350. Repaired.
TCP: Treason uncloaked! Peer 202.162.56.156:32774/80 shrinks window 4292658673:4292661409. Repaired.
I have read that it can be a DOS Attack!

Is there a way to use the connlimit option or the iptables, the ipt_limit?

Last edited by vaio1; 18th November 2009 at 13:12.
#2 vaio1, 3rd December 2009, 09:10

What do these lines mean?

Code:
TCP: Treason uncloaked! Peer 195.166.224.253:3982/80 shrinks window 925469884:925469885. Repaired.
TCP: Treason uncloaked! Peer 195.166.224.253:3982/80 shrinks window 925469884:925469885. Repaired.
ip_tables: (C) 2000-2006 Netfilter Core Team
Netfilter messages via NETLINK v0.30.
ip_conntrack version 2.4 (8192 buckets, 65536 max) - 228 bytes per conntrack
Thanks
#3 Mark_NL, 3rd December 2009, 09:27

These messages can mean a lot of things actually...

I've done some research on the web about these since I have them on my webservers as well. They say it can be a lot of things: tarpit attacks, buggy TCP stacks, buggy NIC card drivers, spam bots, denial of service attacks, bandwidth shaper effects.

But I'm thinking it has something to do with the TCP queue on the machine. So I'd say as long as it's not a high traffic server and your production environment is not bothered by it, ignore it. As I said before, we have 100's of these lines in our logfiles every week and our servers keep on running.

Code:
ip_tables: (C) 2000-2006 Netfilter Core Team
Netfilter messages via NETLINK v0.30.
ip_conntrack version 2.4 (8192 buckets, 65536 max) - 228 bytes per conntrack
This just means iptables is loaded and is able to use connection tracking.
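One way to triage these messages per peer before deciding whether rate limiting is worth the effort, as an added example that is not part of the original thread. It assumes the log layout shown in the posts above (peer_ip:peer_port/local_port, then two 32-bit sequence numbers); `parse_line`, `summarize` and `alert_threshold` are hypothetical names, and the sample input is constructed from the lines quoted in the thread.

```python
import re
from collections import defaultdict

# Assumed layout: "Peer <ip>:<peer_port>/<local_port> shrinks window <a>:<b>",
# where a and b are taken to be the oldest-unacked and next-to-send sequence numbers.
TREASON_RE = re.compile(
    r"TCP: Treason uncloaked! Peer (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<pport>\d+)/(?P<lport>\d+) "
    r"shrinks window (?P<una>\d+):(?P<nxt>\d+)\. Repaired\."
)

# Constructed sample: the "Treason" lines quoted in this thread plus one unrelated line.
SAMPLE_LOG = """\
TCP: Treason uncloaked! Peer 202.162.56.156:32774/80 shrinks window 4292658673:4292661409. Repaired.
TCP: Treason uncloaked! Peer 202.162.56.156:32775/80 shrinks window 4288253267:4288254350. Repaired.
TCP: Treason uncloaked! Peer 202.162.56.156:32774/80 shrinks window 4292658673:4292661409. Repaired.
TCP: Treason uncloaked! Peer 195.166.224.253:3982/80 shrinks window 925469884:925469885. Repaired.
TCP: Treason uncloaked! Peer 195.166.224.253:3982/80 shrinks window 925469884:925469885. Repaired.
ip_tables: (C) 2000-2006 Netfilter Core Team
"""

def parse_line(line):
    """Return one event as a dict, or None if the line is not a Treason message."""
    m = TREASON_RE.search(line)  # search() tolerates a syslog timestamp/host prefix
    if m is None:
        return None
    # Sequence numbers are 32-bit and wrap around, so subtract modulo 2**32.
    outstanding = (int(m["nxt"]) - int(m["una"])) % 2**32
    return {"peer": m["ip"], "peer_port": int(m["pport"]),
            "local_port": int(m["lport"]), "outstanding": outstanding}

def summarize(log_text, alert_threshold=100):
    """Aggregate events per peer IP; alert_threshold is a hypothetical tuning value."""
    peers = defaultdict(lambda: {"events": 0, "connections": set(), "max_outstanding": 0})
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        stats = peers[ev["peer"]]
        stats["events"] += 1
        stats["connections"].add((ev["peer_port"], ev["local_port"]))
        stats["max_outstanding"] = max(stats["max_outstanding"], ev["outstanding"])
    for stats in peers.values():
        # Many events from one peer deserve a closer look; a handful is usually noise.
        stats["noisy"] = stats["events"] >= alert_threshold
    return dict(peers)

if __name__ == "__main__":
    for peer, s in sorted(summarize(SAMPLE_LOG).items()):
        print(peer, s["events"], len(s["connections"]), s["max_outstanding"], s["noisy"])
```

Repeated lines with the same port pair and the same numbers, as in the sample, are one stalled connection being reported again rather than several separate connections.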
#4 vaio1, 3rd December 2009, 12:01

Thanks Mark_NL.

As you can see in the attached file, there is not much traffic on this server.