This was logged by one of my servers the other day (potato, upgraded with the necessary packages to run kernel 2.4.2): Mar 31 08:40:48 debian kernel: TCP: peer xxx.xx.xx.xx:41760/20 shrinks window 3735214707:8280:3735227987. Bad, what else can I say? The IP address, obviously, has been replaced with x's here. I haven't ever seen the message before. I have heard of some vulnerabilities in various firewall code that allows bogus IP header 'offset' fields to be used to avoid firewall packet matching rules. Might this be an attempt at something like that? Might this merely have been a packet that got horribly mangled somewhere on the internet, completely unintentionally? Any thoughts? Thanks. noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
Attachment:
pgpz3PLMHneHz.pgp
Description: PGP signature