[TriLUG] A kernel message I'm not familiar with
Warren Myers
volcimaster at gmail.com
Tue Apr 25 21:40:27 EDT 2006
I found an answer here:
http://www.experts-exchange.com/Security/Linux_Security/Q_20598156.html
scroll down to the bottom to see the responses
On 4/25/06, Tanner Lovelace <clubjuggler at gmail.com> wrote:
>
> On 4/25/06, crimsun at fungus.sh.nu <crimsun at fungus.sh.nu> wrote:
> > On Tue, Apr 25, 2006 at 10:51:47AM -0400, Tanner Lovelace wrote:
> > > Apr 25 09:31:39 bebop kernel: TCP: Treason uncloaked! Peer
> > > 200.219.181.35:24117/80 shrinks window 3787637969:3787637970.
> > > Repaired.
> >
> > It is not necessarily an attack at all. Many packet manglers (packeteer
> > comes to mind) do ... interesting things.
> >
> > The code in question is part of the TCP retransmit timer and deals with
> > the receiver [mistakenly|maliciously] shrinking the receive window. The
> > stack works around that.
> >
> > You shouldn't be alarmed offhand. If it happens repeatedly, there's
> > probably muckery afoot upstream.
>
> I was actually more amused by the error message ("Treason uncloaked!")
> than alarmed but your point is well taken. I've only seen one of these in
> my logs while I see people trying to log into ssh every single day. :-(
>
> A friend in irc pointed me to this mailing list message which seems
> to suggest the client is trying to (reverse) "tar-pit" my system and
> "run [me] out of kernel memory".
>
> https://www.redhat.com/archives/redhat-list/2005-June/msg00311.html
>
> That's an interesting idea, but from the log message, it seems
> the kernel hackers already thought of that.
>
> Cheers,
> Tanner
> --
> Tanner Lovelace
> clubjuggler at gmail dot com
> http://wtl.wayfarer.org/
> (fieldless) In fess two roundels in pale, a billet fesswise and an
> increscent, all sable.
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
--
http://warrenmyers.com
"God may not play dice with the universe, but something strange is going on
with the prime numbers." --Paul Erdős
"It's not possible. We are the type of people who have everything in our
favor going against us." --Ben Jarhvi, Short Circuit 2
More information about the TriLUG
mailing list