Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Paul Schwartz on November 18, 2003, 07:41:03 PM
-
This is full of stuff like this in my messages log files...
Nov 18 02:17:04 e-smith kernel: TCP: Treason uncloaked! Peer xxx.xxx.xx.xx:80/51935 shrinks window 2097309742:2097310055. Repaired.
Nov 18 02:17:43 e-smith last message repeated 3 times
Nov 18 02:20:02 e-smith last message repeated 2 times
-
Its logging a tcp protocol violation by the other end. Window shrinking isnt allowed in the spec..
So check out the client machine, what OS is it?
-
Good question. It's out on the Internet. The reason I am concerned is that it seems to crash my server at the same time (SME 5.6 -- latest updates).
I'll see what I can dig out.
-
http://www.nblug.org/pipermail/talk/2003-April/003560.html
This April 2003 post talks about DOS on a linux server. Is the 2.4.18-5 kernel vulnerable in SME 5.6?
-
And see this. This sounds like my problem. It crashes the machine. Looks like it might be a security issue.
http://www.atm.tut.fi/list-archive/debian-security/msg07503.html
-
Please report this ASAP to Mitel at smesecurity@mitel.com.
thanks,
Michiel
-
Here is what I suspect.
The treason uncloaked messages are causing squid to use too much memory, because it slows down and finally nobody can surf the web.
You can still ping outside/external addresses, so only the squid proxy side of things stops working. Maybe a memory leak in squid?
-
as Michiel supposed, post it to the buglist of Mitel.
if it is really a bug, they will fix it.
cheers klaus