On Wed, 22 Aug 2007 23:48:55 +0200 Hans-Werner Hilse <[EMAIL PROTECTED]> wrote:
> Hi, > > On Wed, 22 Aug 2007 12:18:16 -0700 > Grant <[EMAIL PROTECTED]> wrote: > > > Sometimes I get "Treason uncloaked!" in dmesg when running > > bittorrent. The solution here: > > > > http://www.linuxquestions.org/questions/showthread.php?t=127984 > > > > is: > > > > You'd best set iptables to block all packets from BOGON networks > > (nets that shouldn't exist) so you can avoid this type of attack. > > You may find a list of bogon nets here. Note: unallocated nets > > change from time to time! Just in November IANA allocated two more > > blocks to RIPE, so you really need to pay attention if you're > > blocking all bogon IPs. > > > > Which doesn't sound great. What would you guys recommend I do? I > > use a Gentoo router. > > Hm, I don't think that those "attacks" (which do no harm to Linux > systems since some 1.x version of the kernel -- the warning is a > reminiscence) will always come from wrong nets. I have those > occasionally on all my larger server installs and never really > bothered about them. It usually means that the other side of the TCP > connection reduced the window to zero size, thus leading stupid TCP > stacks to save information on a basically starved connection. The > kernel just sends an information to the log, so in case if you > recognize the IP and are in charge of the sender, you'll know that it > has a veeeeery broken TCP stack. Essentially: Just ignore it, if the > sender IP doesn't belong to one of your own networks. > > -hwh I found a line in my Treason-related output that pointed to an internal IP on a distcc port. Should I be worried about this computer? It's running a brand new gentoo install and is solely for the purpose of distcc. -- [EMAIL PROTECTED] mailing list
