Please forgive my igonorance but our cluster of load balanced web servers
suddenly produced a run of:
TCP: Treason uncloaked! Peer XXX.XXX.XXX.XXX:4968/6666 shrinks window
2154146057:2154152518. Repaired.
lines in our error logs. I have tracked this down to timer.c and I can see
sort of what's going on [ please correct me if I'm wrong but I think a
client is saying 'send me something - ah but not at the moment because I'm
not ready to receive - but don't close the connection']. Question is are
multiple instances of this from multiple IPs a DoS possiblility. I assume
that the connections are kept open if the client connecting doesn't actually
go away so surely lots of these ocurring at once would overload a server. I
have googled this and an occasional instance seems normal and could be down
to a broken client, but lots from different IP addr's at once??
I'm a bit concerned that maybe someone is warming up for a hit or something.
Thanks
Tim
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/