Treason Uncloaked

TCP: Treason uncloaked! Peer 203.12.220.221:59131/80 shrinks window
76154906:76154907. Repaired.
TCP: Treason uncloaked! Peer 203.12.220.227:39670/443 shrinks window
280180313:280180314. Repaired.
TCP: Treason uncloaked! Peer 203.12.220.227:39670/443 shrinks window
280180313:280180314. Repaired.
TCP: Treason uncloaked! Peer 203.12.220.227:39670/443 shrinks window
280180313:280180314. Repaired.
TCP: Treason uncloaked! Peer 203.12.220.237:53759/80 shrinks window
283676616:283676617. Repaired.
TCP: Treason uncloaked! Peer 203.12.220.237:36407/80 shrinks window
352393585:352393586. Repaired.
TCP: Treason uncloaked! Peer 203.12.220.237:38616/443 shrinks window
529411143:529411144. Repaired.
TCP: Treason uncloaked! Peer 58.139.248.9:7611/443 shrinks window
2279076446:2279076447. Repaired.

If this is caused by sending strange packets that consume kernel memory, perhaps adding some of these attacker IP addresses to an iptables rule to drop the packets would help. The attacker(s) will probably keep moving to another IP address, so you have get a script to read the logs ("grep Treason") and add new blocking rules to iptables (maybe your old system uses 'ipchains' instead).

This entry was posted on 31/01/2007 (Wednesday) at 3:58 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.
Printed from: http://rackerhacker.com/2007/01/31/treason-uncloaked/ .
© Major Hayden 2012.

Leave a Reply

 

  • Welcome! I started this blog as a way to give back to all of the other system administrators who have taught me something in the past. Writing these posts brings me a lot of enjoyment and I hope you find the information useful. If you spot something that's incorrect or confusing, please write a comment and let me know. Drop me a line if there's something you want to know more about and I'll do my best to write a post on the topic.
    -- Major Hayden

    Flattr this