PDA

View Full Version : Strange logs



Ricky
20th August 2007, 08:53 PM
Hi!


I'm using FC5 as webserver and i have theses logs:

TCP: Treason uncloaked! Peer 216.139.189.105:60230/80 shrinks window 2891529479:2891529480. Repaired.

TCP: Treason uncloaked! Peer 216.139.189.105:60230/80 shrinks window 2891529479:2891529480. Repaired.

TCP: Treason uncloaked! Peer 88.202.127.239:39649/80 shrinks window 3380409656:3380409657. Repaired.

TCP: Treason uncloaked! Peer 202.174.134.76:59503/80 shrinks window 1499899228:1499899229. Repaired.


Someone know what's this ?


Thanks!!

ccacioppo
20th August 2007, 09:14 PM
From a google search on LinuxQuestions.org: Quote "..the short answer is that it looks like someone is spoofing an IP, feigning a connection to your http and pop3 servers, then setting their window size to 0 so your daemon sits there trying to send them the data over and over (for instance, they may start a connection and immediately set their window to 0, so you cannot send back the http or pop3 connection banner message). ..
..... I suspect it's a DoS tool that is in circulation, or the same attacker (since the IP is often the same)."

You might want to enlist some real help on this in short order if this continues.



CCacioppo