Linux : TCP Treason uncloaked

By | November 22, 2010

If you see those dmesg output message, this mean that someone is attacking your server. Probably by sending fragmented packets.

TCP: Treason uncloaked! Peer 0.0.0.0:00000/80 shrinks window
76154906:76154907. Repaired.

This may be avoid by manually blocking this IP in IPtables or if this is a DDoS attack, automated script may be used. See above (use with caution).

Short script:

Complex script:

 




Be Sociable, Share!