Archive for May, 2008

Puppies


2008
05.27

Pint-size! How cool is this puppy!! Scottie puppies rock! And there were seven of them!

When we left, the eyes were open, the ears were starting to stand up and even some teeth were starting to show!

It would have been so simple, so easy, to just sneak one onto the plane — SA Express would never have known!

Could have shared the ‘mid-afternoon snack’ bagel and everything!

Treason uncloaked


2008
05.21

This kind of error message has been popping up in some of the servers’ log files (mainly in the US):

 X Time(s): TCP: Treason uncloaked! Peer 195.166.XXX.YYY:18549/80 shrinks window 94463210:94463211. Repaired.

Doing any kind of google.com search (or yahoo.com for that matter) doesn’t give much of a hint as to what that’s all about.

There’s a mix of opinions.

RedHat Magazine puts this down to an “informative message. It is not a problem with the system.” which is rightly chastised by the comments following it.

Other scenarios are provided, such as that it’s a low-level DoS attack (to simply keep sockets open that will use up resources).

This is backed up by the comment (hurray for comments!!) in the tcp_timer.c code in the ipv4 net code:

/* Receiver dastardly shrinks window. Our retransmits
* become zero probes, but we should not timeout this
* connection. If the socket is an orphan, time it out,
* we cannot allow such beasts to hang infinitely.
*/

So, it’s highly likely that it’s a tar-pit somewhere that’s trying to eke out resources.

A blunt approach would be:

iptables -A INPUT -s 195.166.XXX.YYY -j DROP

Quite a definite defense mechanism (should they not be spoofing, which they most probably are…) — in this case, they claim to be from Nicaragua…

Two alternative explanations present themselves:

  • a seriously old TCP receiver stack OR
  • a mobile device that purposefully starts off with small windows…

Not highly likely…

Will keep monitoring :)
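
One way to do that monitoring, as an added example that is not part of the original post: a Python script that tallies "Treason uncloaked" lines per peer, so a single stray client can be told apart from a peer that keeps coming back. The sample log lines are constructed (documentation address ranges), and the field names, function names and `threshold` parameter are this example's own.

```python
import re
from collections import defaultdict

# Matches the kernel message quoted above. Group names are this example's labels.
# Assumed from the kernel's printk arguments: peer_ip:peer_port/local_port,
# then snd_una:snd_nxt.
TREASON_RE = re.compile(
    r"(?:(?P<times>\d+) Time\(s\):\s*)?"
    r"TCP: Treason uncloaked! Peer (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r":(?P<peer_port>\d+)/(?P<local_port>\d+) "
    r"shrinks window (?P<snd_una>\d+):(?P<snd_nxt>\d+)\. Repaired\."
)

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = """\
May 21 03:10:01 web1 kernel: TCP: Treason uncloaked! Peer 192.0.2.10:18549/80 shrinks window 94463210:94463211. Repaired.
May 21 03:10:09 web1 kernel: TCP: Treason uncloaked! Peer 192.0.2.10:18550/80 shrinks window 94470000:94470001. Repaired.
May 21 03:11:30 web1 kernel: TCP: Treason uncloaked! Peer 198.51.100.7:40211/25 shrinks window 1200:2660. Repaired.
    3 Time(s): TCP: Treason uncloaked! Peer 192.0.2.10:18551/80 shrinks window 94480000:94480001. Repaired.
May 21 03:12:00 web1 kernel: eth0: link up
"""

def summarize(lines):
    """Return {peer_ip: {"events": n, "local_ports": set, "peer_ports": set}}."""
    peers = defaultdict(lambda: {"events": 0, "local_ports": set(), "peer_ports": set()})
    for line in lines:
        m = TREASON_RE.search(line)
        if not m:
            continue  # unrelated log line
        entry = peers[m["ip"]]
        entry["events"] += int(m["times"] or 1)  # honour a logwatch-style "N Time(s):" prefix
        entry["local_ports"].add(int(m["local_port"]))
        entry["peer_ports"].add(int(m["peer_port"]))
    return dict(peers)

def repeat_offenders(summary, threshold=3):
    """Peers seen at least `threshold` times: candidates for a closer look."""
    return sorted(ip for ip, e in summary.items() if e["events"] >= threshold)

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    for ip, e in sorted(summary.items()):
        print(ip, e["events"], sorted(e["local_ports"]), len(e["peer_ports"]))
    print("repeat offenders:", repeat_offenders(summary))
```

Many distinct peer ports from one address against the same local port fits the socket-holding scenario better than a one-off entry from an old stack or a mobile device.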