Solved

TCP: Treason uncloaked!

Posted on 2003-11-05
11
14,320 Views
Last Modified: 2012-06-27
Hi!

I am having redhat linux 7.2 server . while typing the dmesg in the shell i am getting the following message.

# dmesg

TCP: Treason uncloaked! Peer 202.162.56.156:32867/22 shrinks window 2070208664:2070208728. Repaired.
TCP: Treason uncloaked! Peer 202.162.56.156:32867/22 shrinks window 2070208664:2070208728. Repaired.
TCP: Treason uncloaked! Peer 202.162.56.156:32922/22 shrinks window 2811533730:2811533794. Repaired.


That server is co-located server that is remote host.

I am trying to access the websites in my client system which is hosted in the server.

The problem is the site is not clear. some times it is displaying well. some times not clear.

It is displaying with <tag> <html>

What is the solution. Any ideas ?

Kindly help me in this regard.


Regards
Basbosco





0
Comment
Question by:Loganathan Natarajan
11 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 9686348
I'd say there's two different issues here and they probably aren't related. The TCP errors would tend to point to a problem with the ssh client/system you are using. If I understand your problem with the web site it sounds like some of the data that you expect to be rendered by a browser is showing up as the raw HTML code. That would point to a problem with the HTML pages themselves, or if they are being generated by a scripting language (PHP, Perl, etc) with the code that generates the page.
0
 

Expert Comment

by:linuxsub
ID: 9690660
The reason Linux is printing such messages is because your client guy is shrinking the TCP Window to 0, and the server has something to retransmit. There is something seriously wrong with your client's  stack. Which Stack/OS are you using on he client side, and which browser?

That could explain your browser showing some html tags as the server fails to send the whole page across and based on what browser you are using it is failing to parse it out.
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 9693045
As my predecessors have said, the error means a broken stack on the client side. Or maybe an (pretty silly) attack.
Or a new firewall policy from your ISP or a broken device along the way (although I think this is quite unlikely).

Anyway:
1. do you find any other errors linked to the TCP/IP stack ? Something about wrong checksums ?
2. Are you using any mobile devices ? Some of those seem to have funny ideas about TCP/IP.
3. Do you recognize the IP (202.162.56.156) ?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 22

Expert Comment

by:pjedmond
ID: 9933877
The IP 202.162.56.156 does not appear to be a valid registered IP to anyone, and it is not an 'internal network ip' as far as I'm aware, therefore, I'd treat this particular incident suspiciously.

Unfortunately, I can't reproduce this error, even with a RedHat 7.2 Server available to me.

I suspect that this message was as a result of an attempted attack on your sshd. As a result of the number of packets being sent, you attempts to access anything else were messes with, and unable to complete. Therefore I recommend:

a.  Check whether you have sshd running. If you don't need it, then get rid of it.
b. If you do need sshd, then check version number (rpm -q sshd), and go here:

http://www.openssh.com/security.html

Check whether your sshd needs to be updated, and update as required.

HTH:)

0
 
LVL 22

Expert Comment

by:pjedmond
ID: 9933887
Of course if you are not using sshd - just bloke port 22 with your firwall:)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 9936993
> .. then check version number (rpm -q sshd),
please don't rely on rpm (or packages anyhow) but use
   sshd -V
to get the real version.
Think secure, not guessing ;-)
0
 

Accepted Solution

by:
savash earned 500 total points
ID: 10458296
The client is "shrinking the TCP Window to 0" and it cause the problem. So, what to do to prevent this issue ?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 11253224
logudotcom, could you please explain your grading
0
 

Expert Comment

by:mgbyrne2004
ID: 11498004
*** advertising removed by Netminder, Site Admin ***
0
 

Expert Comment

by:buckaro0
ID: 12243755
Just to comment on pjedmond's remark that you should treat this suspiciously... I'm not so sure.

 -- the original IP address 202.162.56.156 is a _valid_ IP address, with a registered operator in India.
so it's not as suspicious as a packet coming from an unallocated source.

inetnum:      202.162.48.0 - 202.162.63.255
netname:      SPACENET
descr:        HCL Comnet, Internmet Service Provider on VSATs, India
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

774 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question