Treason Uncloaked!

Mailing List

Home

Forum Home

Linux - General Red Hat Linux discussion list

Installation - Getting started with Red Hat Linux

Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)

Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)

Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)

Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)

Apache Web Server

Oracle database, Microsoft SQL server ...

Subjects

•	application/x mplayer2 plugin
•	RPM error: db4 error(16) from dbenv >remove: Device or resource busy
•	Command stream end of file while reading
•	X Windows problem (xauth)
•	Upgrading openoffice 1 1 rpm
•	FTP: connection refused
•	FTP: connection refused
•	mount: /dev/cdrom: is not a valid block device
•	Dell Precision 650, RedHat 9, no sound
•	how to trace the cause resulting in the crash of bind server
•	Virus on the list
•	UNINSTALL RPM MYSQL
•	usb pen drives: mounting as a user
•	broadcom network interface
•	make mrproper
•	Couldn 't open PID file /var/run/named/named pid Permission denied
•	sendmail configuration on redhat
•	kernel 2 6 and /dev/sound/mixer not found
•	Promise 378 controller
•	Problem using up2date
•	mrtg step by step howto/configuration for a newbie?
•	Compiling and Installing Kernel 2 6
•	Can 't locate module ppp0, can 't locate module ppp compress 21
•	Lotus Notes under Wine
•	HOW I CAN MAKE BOOTABLE FLOPPY DISKET
•	/etc/security/limits conf question
•	Intel E/1000 driver
•	rpm database corrupt
•	Command stream end of file while reading
•	qla2300 modules

Treason Uncloaked!

Treason Uncloaked!

2006-09-29 - By Anthony J Placilla

Back

Reply: 1 2 3

Erik wrote:
> My current Server: Redhat AS Release3 2.4.21-4.ELsmp #1 SMP Fri Oct 3
> 17:52:56 EDT 2003 i686 i686 i386 GNU/Linux
>
> I recieve lots of message as below:
>
> CP: Treason uncloaked! Peer 203.12.220.228:30112/80
> <http://203.12.220.228:30112/80> shrinks window 3165578735:3165581495.
> Repaired.
> TCP: Treason uncloaked! Peer 203.12.220.221:59131/80
> <http://203.12.220.221:59131/80> shrinks window 76154906:76154907. Repaired.
> TCP: Treason uncloaked! Peer 203.12.220.227:39670/443

--snippity--

Various posts I've seen seem to indicate that it's being done by the
remote peer. For example:

http://lists.debian.org/debian-isp/2002/04/msg00192.html

"So it appears that someone is running some sort of "tar-pit" system
that is designed to keep sockets in a bad state and run you out of
kernel memory."

try tuning off window scaling.

echo 0 > /proc/sys/net/ipv4/tcp_window_scaling

To see if that fixes things.

--
Tony Placilla, RHCT, GSEC
anthony_placilla@(protected)

GPG-Key-ID: 1024D/C78F8B64 http://pgp.mit.edu
Key fingerprint = A8D5 7AFF CE88 4179 C792 D9A9 F197 2A15 C78F 8B64

--
Taroon-list mailing list
Taroon-list@(protected)
https://www.redhat.com/mailman/listinfo/taroon-list