got a centos5.2 web/database server thats on a public coloc, its dmesg fills up with
TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window 354477433:354478918. Repaired. TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window 354477433:354478918. Repaired. TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window 354477433:354478918. Repaired. TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window 3243223020:3243237180. Repaired. TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window 3243227520:3243237180. Repaired. TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window 3243232020:3243237180. Repaired.
I know thats because of random bogosity coming in from the internet, and I really don't care. can I suppress that from filling up the dmesg buffer so I can see more important things like scsi soft errors?
On Thu, 25 Sep 2008 02:15:01 -0700 John R Pierce pierce@hogranch.com wrote:
I know thats because of random bogosity coming in from the internet, and I really don't care. can I suppress that from filling up the dmesg buffer so I can see more important things like scsi soft errors?
Block the ip addresses where it's coming from with iptables or something.
Frank Cox wrote:
On Thu, 25 Sep 2008 02:15:01 -0700 John R Pierce pierce@hogranch.com wrote:
I know thats because of random bogosity coming in from the internet, and I really don't care. can I suppress that from filling up the dmesg buffer so I can see more important things like scsi soft errors?
Block the ip addresses where it's coming from with iptables or something.
they come from random IPs all over the place. further, the port they are sent to is a shoutcast service port, so I can't exactly block that.
On Thu, 25 Sep 2008 11:30:36 -0700 John R Pierce pierce@hogranch.com wrote:
they come from random IPs all over the place. further, the port they are sent to is a shoutcast service port, so I can't exactly block that.
A place to start:
http://www.cymru.com/Documents/bogon-list.html
On Sep 25, 2008, at 1:51 PM, Frank Cox wrote:
John R Pierce pierce@hogranch.com wrote:
they come from random IPs all over the place. further, the port they are sent to is a shoutcast service port, so I can't exactly block that.
A place to start:
If you decide to block bogons, you MUST check back often to see what changes have been made to the list. I've had hundreds of conversations with clueless ISPs and admins about their out of date lists.
Many ISPs and colocation shops already drop bogons in any case.
--Chris
on 9-25-2008 2:15 AM John R Pierce spake the following:
got a centos5.2 web/database server thats on a public coloc, its dmesg fills up with
TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window 354477433:354478918. Repaired. TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window 354477433:354478918. Repaired. TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window 354477433:354478918. Repaired. TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window 3243223020:3243237180. Repaired. TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window 3243227520:3243237180. Repaired. TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window 3243232020:3243237180. Repaired.
I know thats because of random bogosity coming in from the internet, and I really don't care. can I suppress that from filling up the dmesg buffer so I can see more important things like scsi soft errors?
Don't you love some of the more "interesting" messages from the kernel?
I'm surprised they didn't use "Here be dragons"!
On Thu, 25 Sep 2008 11:22:24 -0700 Scott Silva ssilva@sgvwater.com wrote:
Don't you love some of the more "interesting" messages from the kernel?
While amusing, if you read up a bit on what the error message is actually telling you, you will find that it really is a pretty good short-form description of the issue.
Scott Silva wrote:
on 9-25-2008 2:15 AM John R Pierce spake the following:
got a centos5.2 web/database server thats on a public coloc, its dmesg fills up with
TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window 354477433:354478918. Repaired. TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window 354477433:354478918. Repaired. TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window 354477433:354478918. Repaired. TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window 3243223020:3243237180. Repaired. TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window 3243227520:3243237180. Repaired. TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window 3243232020:3243237180. Repaired.
I know thats because of random bogosity coming in from the internet, and I really don't care. can I suppress that from filling up the dmesg buffer so I can see more important things like scsi soft errors?
Don't you love some of the more "interesting" messages from the kernel?
I'm surprised they didn't use "Here be dragons"!
Or revive "Don't worry, Max; everything's gonna be O.K."
On Thu, Sep 25, 2008 at 5:15 AM, John R Pierce pierce@hogranch.com wrote:
got a centos5.2 web/database server thats on a public coloc, its dmesg fills up with
TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window 354477433:354478918. Repaired. TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window 354477433:354478918. Repaired. TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window 354477433:354478918. Repaired. TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window 3243223020:3243237180. Repaired. TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window 3243227520:3243237180. Repaired. TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window 3243232020:3243237180. Repaired.
I know thats because of random bogosity coming in from the internet, and I really don't care. can I suppress that from filling up the dmesg buffer so I can see more important things like scsi soft errors?
You can filter these messages to their own log when using rsyslog and its regex features. I'm not sure how much performance impact you'd take from it, but unless you're a really high-traffic site, it should be just fine.
Jim Perrin wrote:
On Thu, Sep 25, 2008 at 5:15 AM, John R Pierce pierce@hogranch.com wrote:
got a centos5.2 web/database server thats on a public coloc, its dmesg fills up with TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window 3243232020:3243237180. Repaired.
I know thats because of random bogosity coming in from the internet, and I really don't care. can I suppress that from filling up the dmesg buffer so I can see more important things like scsi soft errors?
You can filter these messages to their own log when using rsyslog and its regex features.
No, you can't. Those messages turn up in the kernel ring buffer (aka dmesg). I don't find anything in the rsyslog (or rklogd) manual page on filtering or redirecting those.
I might be wrong, but ...
Cheers,
Ralph
On Thu, Sep 25, 2008 at 6:24 PM, Ralph Angenendt ra+centos@br-online.de wrote:
No, you can't. Those messages turn up in the kernel ring buffer (aka dmesg). I don't find anything in the rsyslog (or rklogd) manual page on filtering or redirecting those.
I might be wrong, but ...
It's entirely possible that I'm confusing rsyslog versions here, but I was under the impression that this could be filtered with '$ModLoad imklog' and then redirecting the regex'd statements elsewhere. It would not affect what shows up in dmesg exactly, but would provide a way to clean up other logging.
John R Pierce wrote:
got a centos5.2 web/database server thats on a public coloc, its dmesg fills up with
TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window 354477433:354478918. Repaired. TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window 354477433:354478918. Repaired. TCP: Treason uncloaked! Peer 82.135.195.32:64905/8032 shrinks window 354477433:354478918. Repaired. TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window 3243223020:3243237180. Repaired. TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window 3243227520:3243237180. Repaired. TCP: Treason uncloaked! Peer 84.158.80.177:61931/8032 shrinks window 3243232020:3243237180. Repaired.
I know thats because of random bogosity coming in from the internet, and I really don't care. can I suppress that from filling up the dmesg buffer so I can see more important things like scsi soft errors?
You could try turning TCP window scaling off which should stop that part of the stack from executing.
How much it will affect the network performance of your box depends on the clients connecting to it...
-Ross
______________________________________________________________________ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof.
Did this patch make it into the kernel for C5.2?
http://linux.derkeiler.com/Mailing-Lists/Kernel/2006-03/msg03750.html
-
Chris Boyd -
Frank Cox -
Jim Perrin -
John R Pierce -
Kenneth Porter -
Ralph Angenendt -
Robert -
Ross S. W. Walker -
Scott Silva