[TriLUG] A kernel message I'm not familiar with
crimsun at fungus.sh.nu
crimsun at fungus.sh.nu
Tue Apr 25 13:17:20 EDT 2006
On Tue, Apr 25, 2006 at 10:51:47AM -0400, Tanner Lovelace wrote:
> Apr 25 09:31:39 bebop kernel: TCP: Treason uncloaked! Peer
> 200.219.181.35:24117/80 shrinks window 3787637969:3787637970.
> Repaired.
It is not necessarily an attack at all. Many packet manglers (packeteer
comes to mind) do ... interesting things.
The code in question is part of the TCP retransmit timer and deals with
the receiver [mistakenly|maliciously] shrinking the receive window. The
stack works around that.
You shouldn't be alarmed offhand. If it happens repeatedly, there's
probably muckery afoot upstream.
Thanks,
--
Daniel T. Chen crimsun at ubuntu.com
GPG key: www.sh.nu/~crimsun/pubkey.gpg.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20060425/12aba02b/attachment.pgp>
More information about the TriLUG
mailing list