On Wednesday 22 August 2007, Grant wrote: > > > > and then a whole bunch of these: > > > > > > > > TCP: Treason uncloaked! > > > > > > Hmm, are you running a server? This sounds like a DOS attack (someone > > > probably spoofing an address and then reducing their window size to 0, > > > so that your machine keeps trying to send them the packet over & over > > > again). You should be able to tweak your IP tables to identify such > > > phony addresses and block them. > > > > > > Someone more clued up on server attacks ought to help out here. > > > > This guy looks as if he has looked into it . . . and then some! > > > > http://www.informedbanking.com/acc/nxwiki/view/TCP-Treason-Uncloaked.html > > Nice find. Very thorough, but he concludes with this: > > Still happening. Happened this morning at 6:00AM on eth2, when there > was no traffic control running, ruling out the possibility that it > could be caused by that.
Sure, he concluded that it had nothing to do with traffic shaping. Therefore, previous causes are still under investigation; e.g. a deliberate DOS attack and what have you. -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.