Re: Apr 17 10:49:49 teks kernel: TCP: Treason uncloaked! Peer 210.135.175.47:43827/
> > Apr 17 10:49:49 teks kernel: TCP: Treason uncloaked! Peer
> > 210.135.175.47:43827/
> > 80 shrinks window 2321430930:2321431630. Repaired.
> >
>
> So it appears that someone is running some sort of "tar-pit" system that
is
> designed to keep sockets in a bad state and run you out of kernel
memory.
>
> I suspect that this ties in with the spam blocking things we recently
> discussed. Maybe you should tell your ISP that they are to blame for
such
> actions being done to you and that they should "give you face" (I think
that
> was the term you used) by closing their open relays.
One would have hoped the net code in Linux would have been able to
gracefully (more or less) handle such cases, such as leaving ports open or
hanging and such. But I don't know the net code in Linux... so I can't
presume or assume anything.
> > I think the following is unrelated, but I also found a lot of them
(50+)
> > in the logs:
> >
> > About 6 hours later, the box crashed (not sure if it could be related
to
> > the above attacks).
>
> Someone who's doing the tar-pit attack would probably like your box to
crash,
> but I'd hope that Linux can withstand such things, and there is
special-case
> code in there to deal with it. My guess is that your posting to the
> ide-arrays list about 3ware driver problems is a more likely explanation
of
> the crash.
>
That may be it... I sent the logged errors to 3ware for their analysis as
well, and I'll post any reply i get from them to the mailing list so we
can all know.
--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: