TCP: Treason uncloaked! DOS Attack?!?

Hi guys, why do I get this message?

Code:
TCP: Treason uncloaked! Peer 202.162.56.156:32774/80 shrinks window 4292658673:4292661409. Repaired.
TCP: Treason uncloaked! Peer 202.162.56.156:32775/80 shrinks window 4288253267:4288254350. Repaired.
TCP: Treason uncloaked! Peer 202.162.56.156:32774/80 shrinks window 4292658673:4292661409. Repaired.

I have read that it can be a DOS Attack! Is there a way to use the connlimit option or the iptables, the ipt_limit?

What do these lines mean?

Code:
TCP: Treason uncloaked! Peer 195.166.224.253:3982/80 shrinks window 925469884:925469885. Repaired.
TCP: Treason uncloaked! Peer 195.166.224.253:3982/80 shrinks window 925469884:925469885. Repaired.
ip_tables: (C) 2000-2006 Netfilter Core Team
Netfilter messages via NETLINK v0.30.
ip_conntrack version 2.4 (8192 buckets, 65536 max) - 228 bytes per conntrack

Thanks

These messages can mean a lot of things actually. I did some research on the web about these since I have them on my webservers as well. They say it can be a lot of things: tarpit attacks, buggy TCP stacks, buggy NIC card drivers, spam bots, denial of service attacks, bandwidth shaper effects. But I'm thinking it has something to do with the TCP queue on the machine. So I'd say as long as it's not a high traffic server and your production environment is not bothered by it, ignore it. As I said before, we have 100's of these lines in our logfiles every week and our servers keep on running.

Code:
ip_tables: (C) 2000-2006 Netfilter Core Team
Netfilter messages via NETLINK v0.30.
ip_conntrack version 2.4 (8192 buckets, 65536 max) - 228 bytes per conntrack

This just means iptables is loaded and is able to use connection tracking.
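
Added example, not part of any post in this thread: a small Python parser that groups the "Treason uncloaked" lines by peer, so you can see whether one host or many produce them before deciding whether a connlimit rule is worth it. The field order (peer address, peer port, local port, then snd_una:snd_nxt) is an assumption about the message format, and the function names and threshold are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the kernel lines quoted in the posts above.
SAMPLE_LOG = """\
TCP: Treason uncloaked! Peer 202.162.56.156:32774/80 shrinks window 4292658673:4292661409. Repaired.
TCP: Treason uncloaked! Peer 202.162.56.156:32775/80 shrinks window 4288253267:4288254350. Repaired.
TCP: Treason uncloaked! Peer 202.162.56.156:32774/80 shrinks window 4292658673:4292661409. Repaired.
TCP: Treason uncloaked! Peer 195.166.224.253:3982/80 shrinks window 925469884:925469885. Repaired.
ip_conntrack version 2.4 (8192 buckets, 65536 max) - 228 bytes per conntrack
"""

# Assumed field order (a reading of the message, not stated in the thread):
# Peer <peer ip>:<peer port>/<local port> shrinks window <snd_una>:<snd_nxt>
TREASON_RE = re.compile(
    r"TCP: Treason uncloaked! Peer (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):"
    r"(?P<pport>\d+)/(?P<lport>\d+) shrinks window (?P<una>\d+):(?P<nxt>\d+)\."
)

def parse_treason(line):
    """Return the fields of one 'Treason uncloaked' line, or None."""
    m = TREASON_RE.search(line)
    if m is None:
        return None
    return {
        "peer": m["ip"],
        "peer_port": int(m["pport"]),
        "local_port": int(m["lport"]),
        # TCP sequence numbers are 32-bit and wrap, so subtract modulo 2**32.
        "unacked": (int(m["nxt"]) - int(m["una"])) % 2**32,
    }

def summarize(log_text):
    """Group events per peer: message count and distinct connections."""
    peers = defaultdict(lambda: {"events": 0, "connections": set()})
    for line in log_text.splitlines():
        ev = parse_treason(line)
        if ev:
            peers[ev["peer"]]["events"] += 1
            peers[ev["peer"]]["connections"].add((ev["peer_port"], ev["local_port"]))
    return dict(peers)

def noisy_peers(summary, min_events):
    """Peers with at least min_events messages (hypothetical threshold)."""
    return sorted(p for p, s in summary.items() if s["events"] >= min_events)

if __name__ == "__main__":
    for peer, s in summarize(SAMPLE_LOG).items():
        print(peer, s["events"], "events,", len(s["connections"]), "connections")
```

Feed it the output of `dmesg` or the kernel log file instead of `SAMPLE_LOG` to get the same per-peer counts for a real server.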