Treason Uncloaked

TCP: Treason uncloaked! Peer 203.12.220.221:59131/80 shrinks window
76154906:76154907. Repaired.
TCP: Treason uncloaked! Peer 203.12.220.227:39670/443 shrinks window
280180313:280180314. Repaired.
TCP: Treason uncloaked! Peer 203.12.220.227:39670/443 shrinks window
280180313:280180314. Repaired.
TCP: Treason uncloaked! Peer 203.12.220.227:39670/443 shrinks window
280180313:280180314. Repaired.
TCP: Treason uncloaked! Peer 203.12.220.237:53759/80 shrinks window
283676616:283676617. Repaired.
TCP: Treason uncloaked! Peer 203.12.220.237:36407/80 shrinks window
352393585:352393586. Repaired.
TCP: Treason uncloaked! Peer 203.12.220.237:38616/443 shrinks window
529411143:529411144. Repaired.
TCP: Treason uncloaked! Peer 58.139.248.9:7611/443 shrinks window
2279076446:2279076447. Repaired.

If this is caused by sending strange packets that consume kernel memory, perhaps adding some of these attacker IP addresses to an iptables rule to drop the packets would help. The attacker(s) will probably keep moving to another IP address, so you have get a script to read the logs ("grep Treason") and add new blocking rules to iptables (maybe your old system uses 'ipchains' instead).

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
This entry was posted on 31/01/2007 (Wednesday) at 3:58 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Printed from: http://rackerhacker.com/2007/01/31/treason-uncloaked/ .
© Major Hayden 2010.

Leave a Reply