Mailing List
Home
Linux - General Red Hat Linux discussion list
Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)
Installation - Getting started with Red Hat Linux
Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)
Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)
Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)
Apache Web Server
Oracle database, Microsoft SQL server ...
Subjects
application/x mplayer2 plugin
RPM error: db4 error(16) from dbenv >remove: Device or resource
   busy
Command stream end of file while reading
X Windows problem (xauth)
Upgrading openoffice 1 1 rpm
FTP: connection refused
FTP: connection refused
mount: /dev/cdrom: is not a valid block device
Dell Precision 650, RedHat 9, no sound
how to trace the cause resulting in the crash of bind server
Virus on the list
UNINSTALL RPM MYSQL
usb pen drives: mounting as a user
broadcom network interface
make mrproper
sendmail configuration on redhat
Couldn 't open PID file /var/run/named/named pid Permission denied
Promise 378 controller
kernel 2 6 and /dev/sound/mixer not found
Problem using up2date
mrtg step by step howto/configuration for a newbie?
Compiling and Installing Kernel 2 6
Can 't locate module ppp0, can 't locate module ppp compress 21
HOW I CAN MAKE BOOTABLE FLOPPY DISKET
Lotus Notes under Wine
/etc/security/limits conf question
Intel E/1000 driver
Command stream end of file while reading
rpm database corrupt
qla2300 modules
 
Search:  
Power your search with and, or, +, -, or "some phrase" operators.
Treason uncloaked

Treason uncloaked

2005-02-23       - By Steve Buehler

 Back
   I have a web server that goes down every once in a while. I have to
manually restart. It is running RHL 7.3 with 2.4.20-28.7 for the kernel
with Apache/1.3.27. When I run dmesg, I get the following messages:
TCP: Treason uncloaked! Peer 213.181.83.194:3736/80 shrinks window
4255495905:4255495906. Repaired.
TCP: Treason uncloaked! Peer 213.181.83.194:3736/80 shrinks window
4255495905:4255495906. Repaired.
TCP: Treason uncloaked! Peer 217.26.84.76:17932/80 shrinks window
3332120819:3332120820. Repaired.
TCP: Treason uncloaked! Peer 217.26.84.76:17932/80 shrinks window
3332120819:3332120820. Repaired.
There were more. Mainly from these two addresses, but there were
others. Also some of them were for port 443 (yes, I know...https) instead
of 80.
in the httpd logs I find that the 217 IP listed above is using Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1)
The 213 IP shows Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
So I don 't really think it is a specific browser problem like some of the
info I found on the web said.

The /var/log/httpd/ssl_engine_log only shows one entry for:
/Feb/2004 07:25:59 11018] [error] SSL handshake timed out (client
217.26.84.76, server www.mysite.org:443)

I have been googling around on the web and find a lot of info about it, but
nothing that I understand unless we are getting a DOS attack against
us. The closest thing that sounded like something that I could half way
understand was:
"when a client attempts to resize the packet window after the connection
has been established. It 's either a buggy client (buggy web browser or
something) or someone is trying to do a silly DOS attack by having the
linux kernel consume all it 's TCP buffer and so new connections will lag. "
I don 't quite understand the resizing of the packet window. But do
understand a DOS attack. Anyway, by the looks of it everybody who had this
problem (that I found googling) was running an older operating system like
RHL 7.3. Only one instance did I find that someone was getting these
messages on a newer OS than 7.3. That was on RHL 8. So, would it be
logical to assume that if I upgrade the OS to, lets say RHEL 4, that I
probably wouldn 't get these messages anymore? Was it a bug or security
whole that was fixed? Is it in Apache? Or would it be something else?

Thanks
Steve



--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@(protected)?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list