The Ethical Hacker Network

Latest Additions

Who's Online

EH-Net Donations

Google Ads

EH-Net News Feeds

Latest Additions

Book Recommendations

lovewadhwa

Newbie

Offline

Posts: 17

DOS logs

« on: June 26, 2008, 07:39:03 AM »

Hi i have been receiving the following on running dmesg on one of my linux servers.Seems to be a sort of DOS attack.I need to reproduce it.But unable to get the tool which can do the same.Can anybody out there help me.

TCP: Treason uncloaked! Peer 195.166.241.58:62516/80 shrinks window 1125437396:1125437397. Repaired.
TCP: Treason uncloaked! Peer 195.166.241.58:62516/80 shrinks window 1125437396:1125437397. Repaired.
TCP: Treason uncloaked! Peer 195.166.241.58:62516/80 shrinks window 1125437396:1125437397. Repaired.
TCP: Treason uncloaked! Peer 210.212.88.48:2339/80 shrinks window 1732317231:1732317232. Repaired.
TCP: Treason uncloaked! Peer 88.202.127.229:51950/80 shrinks window 3906350758:3906350759. Repaired.
TCP: Treason uncloaked! Peer 203.199.30.15:53364/80 shrinks window 3067016690:3067019450. Repaired.


	Logged

lovewadhwa@gmail.com

lovewadhwa

Newbie

Offline

Posts: 17

Re: DOS logs

« Reply #1 on: July 02, 2008, 11:57:09 PM »

Can anyone help regarding the same.Can see the views hits increasing but nothing as a reply.Plz help.


	Logged

lovewadhwa@gmail.com

dean

Full Member

Offline

Posts: 130

Re: DOS logs

« Reply #2 on: July 03, 2008, 01:02:20 PM »

lovewadhwa,

The message indicates that the remote host changed the tcp window size without renegotiating the size with your server. Newer kernels will handle this without any problems. The message gets printed when the client shrinks the tcp window size and the server still has data to transmit.

Is your server a webserver? It could be an attack. A common DoS on web servers is to use up all available connections by not completing the 3-way handshake and having that socket remain in a half open state. A network capture of the traffic will confirm this.

Check your server logs and any other facilities you may have for detecting attacks. (Firewall, IDS, etc) They may show additional details.

More than likely it is a broken client somewhere.

You could probably script hping to replicate this type of attack.

dean


	Logged

lovewadhwa

Newbie

Offline

Posts: 17

Re: DOS logs

« Reply #3 on: July 08, 2008, 02:42:37 AM »

Hi
Thanx a lot for ur response.Have played with hping tool but couldn't replicate the same.Can u plz provide the arguments to be given to hping to replicate the same.Plz help.

Thanx a ton.


	Logged

lovewadhwa@gmail.com

Pages: [1] Go Up

« previous next »

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.

Try CBT Nuggets Free!

Recent Forum Topics

Programming : Using Assembly to access locked files (1) by NickFnord
Other : New to Ethical Hacking? (2) by cleanwithit0607
Forensics : Working for the dark side (6) by pseud0
Tools : NetWitness Investigator is now free! (4) by SynJunkie
Malware : Military Bans Removable Media (8) by sgt_mjc
Programming : Exploits (5) by cleanwithit0607
CEH - Certified Ethical Hacker : MSS from EC-Council? (9) by BillV
Looking To Hire : Looking for a Security Intelligence and Analytics Specialist (0) by liztownsend
Malware : Microsoft to Offer Free Anti-malware Tool (8) by jason
Network Pen Testing : page action (3) by lovewadhwa
Tools : Metasploit 3.2 released (1) by RoleReversal
Mass Media : Movie: Untraceable (7) by jason
Hardware : DD-WRT FTW! (1) by jason
Hardware : DIY USB Keystroke Logger? (0) by jason
Oct 2008 - Scooby Doo and the Crypto Caper : [Article]-Scooby Doo and the Crypto Caper (4) by trolley
Forensics : It's time to get that data back! (4) by sgt_mjc
Forensics : Gaining experience... first steps (5) by sgt_mjc
News from the Outside World : OS with Highest Security Rating from NSA goes Commercial (3) by jason
Other : Microsoft Hyper-V Server 2008 Released, Free (3) by sgt_mjc
Book Reviews : The Art Of Exploitation (3) by apollo
Social Engineering : How to Run a Con (0) by jason
Social Engineering : History Channel's Secrets of Body Language (2) by jason
Social Engineering : Facial Expression Test (0) by jason
CEH - Certified Ethical Hacker : Howdy - study question/labs bootcamp etc. (3) by BillV
Other : PC geeks Inc. (0) by iSmith
Other : UK Data Protection Act (3) by RoleReversal
Other : Yahoo CEO Jerry Yang to Step Down (0) by don
Network Pen Testing : Backtrack 3 Install (2) by KrisTeason
Certification : 7 Types of Hard CISSP Exam Questions and How To Approach Them (4) by jason
CEH - Certified Ethical Hacker : new guy (1) by jason
Programming : Small Basic (2) by jason
Other : Where to start? (5) by jason
Certification : I need your advice connecting to IS certs and careers (3) by jason
News from the Outside World : Deleting your digital past (0) by jason
OSCP - Offensive Security Certified Professional : Next Up OSCP101 v2.0 (31) by jason
Forensics : Data Recovery (6) by jason
Tutorials : problem with use MSF (12) by geekyone
Book Reviews : Hacking Exposed, 5th Edition (5) by cleanwithit0607
Forensics : Looking for advice on pursuing forensics.. (3) by Ketchup
Tutorials : about Metasploit 3.1 plz help (4) by mr.Z

Support EH-Net by Buying all of your Amazon items using the search bar above. Try CBT Nuggets Free!

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.

Try CBT Nuggets Free!