# WTF is "TCP: Treason uncloaked!" in my dmesg logs?

## Antimatter

 *Quote:*

> TCP: Treason uncloaked! Peer 129.74.98.152:4229/16887 shrinks window 1370809679:1370814859. Repaired.
>
> TCP: Treason uncloaked! Peer 64.105.34.85:1374/16887 shrinks window 916799403:916800698. Repaired.
> ...

 

WTF is this? Over a whole day I get approximately 100 of these in my logs and I'm wondering wtf they are, and if they have anything to do with BitTornado?

----------

## MrUlterior

Amazing what you can find with Google...

1. https://www.redhat.com/archives/redhat-list/2005-June/msg00311.html

2. http://www.linuxquestions.org/questions/archive/3/2003/12/4/127984

 *Quote:*

> Hmmm, actually searching google gave an answer to this in the very first result. You haven't looked very hard, have you?
>
> In any case, the short answer is that it looks like someone is spoofing an IP, feigning a connection to your http and pop3 servers, then setting their window size to 0 so your daemon sits there trying to send them the data over and over (for instance, they may start a connection and immediately set their window to 0, so you cannot send back the http or pop3 connection banner message). Interestingly enough, this IP address is from unallocated space and the exact same IP shows up in other posts about the same message. I suspect it's a DoS tool that is in circulation, or the same attacker (since the IP is often the same).
> ...

 

But the basic gist is that someone is attempting something malicious. Piss off some script kiddies recently?

----------

## Antimatter

 *Quote:*

> But the basic gist is that someone is attempting something malicious. Piss off some script kiddies recently?

 

I actually have no idea there. I'm running on a satellite modem with 64 KiB down and 6 KiB up, so it wouldn't be that great of a zombie server because of my crappy upload rate and crappy ping; it usually exceeds 3,000+ ms to ping the satellite central server. So... yeah.

The satellite modem is connected to a Windows XP box with no firewall on it, *shrugs* it's my parents' computer and it's their job to keep the security up but they don't, but I probably need to work on that, but I can't get Service Pack 2 to work on the damn thing.

Satellite -> XP computer -> my computer.

And the only thing that is forwarded from the Windows XP computer is 9 port that I randomly selected for BitTorrent, and that's IT.

As for pissing off script kiddies, I have no idea there. I haven't been on AIM since I came home about a month ago, and I have only done a few e-mails to colleges and relatives, and mainly surfing forums, lurking at most of 'em.

So I highly doubt I pissed anyone off to my knowledge, and it only happened recently.

And sorry for not searching, it was 2 am in the morning and I was pretty tired, was just doing some preliminary checkups before I shut down the machine and I saw this.

But with that in mind, is there any good firewall for the Windows XP box so I can install some and tighten things up a bit?

----------

## cs.cracker

I would recommend getting a router instead of a software firewall, that way you will not have to rely on another machine for your security.

----------

## Antimatter

 *cs.cracker wrote:*   

> I would recommend getting a router instead of a software firewall, that way you will not have to rely on another machine for your security.

 

I am, a Linksys wireless router. I need wireless for a laptop and I figured it was the perfect time to also grab a router, so it'll do until I do some more research on some of the embedded solutions out there.

An interesting thing I noticed is I shut down my BitTorrent upload and download and the TCP corruption has stopped, but when I turn BitTorrent back on I start to get mass TCP corruption.

So any ideas there?

I'm using BitTornado.

----------
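One way to check the BitTorrent correlation noted in the last post, as an added example that is not part of any post in the thread: parse the kernel message and tally events by local port and by peer. The field layout (peer address:peer port/local port, then the unacknowledged sequence range) is an assumption based on the kernel's format string, and `SAMPLE_DMESG` holds the two lines quoted in the thread plus one constructed unrelated line.

```python
import re
from collections import Counter

# Assumed field layout: peer address : peer port / local port,
# then the sequence range snd_una:snd_nxt that was still unacknowledged.
TREASON_RE = re.compile(
    r"TCP: Treason uncloaked! Peer (?P<peer>\d{1,3}(?:\.\d{1,3}){3}):(?P<pport>\d+)"
    r"/(?P<lport>\d+) shrinks window (?P<una>\d+):(?P<nxt>\d+)\. Repaired\."
)

# The two lines quoted in the thread, plus one constructed unrelated line.
SAMPLE_DMESG = """\
TCP: Treason uncloaked! Peer 129.74.98.152:4229/16887 shrinks window 1370809679:1370814859. Repaired.
eth0: link up, 100Mbps, full-duplex
TCP: Treason uncloaked! Peer 64.105.34.85:1374/16887 shrinks window 916799403:916800698. Repaired.
"""


def parse_treason(text):
    """Return one dict per 'Treason uncloaked' line found in text."""
    events = []
    for m in TREASON_RE.finditer(text):
        una, nxt = int(m["una"]), int(m["nxt"])
        events.append({
            "peer": m["peer"],
            "peer_port": int(m["pport"]),
            "local_port": int(m["lport"]),
            # TCP sequence numbers are 32-bit and wrap, so subtract modulo 2**32.
            "unacked_bytes": (nxt - una) % 2**32,
        })
    return events


def summarize(events):
    """Count events per local port and per peer address."""
    return {
        "by_local_port": Counter(e["local_port"] for e in events),
        "by_peer": Counter(e["peer"] for e in events),
    }


if __name__ == "__main__":
    summary = summarize(parse_treason(SAMPLE_DMESG))
    for port, count in summary["by_local_port"].most_common():
        print(f"local port {port}: {count} event(s)")
    for peer, count in summary["by_peer"].most_common():
        print(f"peer {peer}: {count} event(s)")
```

If every event lands on a single local port and that port is the one the BitTorrent client listens on, the messages are tied to that client's peers rather than to other services on the machine.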

