Linux: TCP "Treason uncloaked!"
Date: 2020-02-23 14:40:00 Source: igfitidea
If you see messages like the one below in the dmesg output, the kernel is reporting a peer that shrank its advertised TCP receive window after the data had already been sent, something RFC 1122 says a TCP receiver should not do. This is commonly read as someone attacking your server, possibly by sending malformed or fragmented packets, but a buggy or broken TCP stack on the other end (or a middlebox between you) produces exactly the same message, so check who the peer is before you block it.
TCP: Treason uncloaked! Peer 0.0.0.0:00000/80 shrinks window 76154906:76154907. Repaired.
You can deal with it by blocking the offending IP manually in iptables, or, if it looks like a DDoS, with an automatic script such as the ones below (use with caution: the scripts block on source address alone, so a spoofed source or a legitimate client behind a shared NAT gets dropped too, and you must never let them block your own addresses or gateway).
Short script:
#!/bin/bash
# Block every peer the kernel has logged as shrinking its window.
# Current dmesg prefixes each line with a timestamp, so a fixed field number
# (cut -f5) is unreliable; match the "Peer a.b.c.d:port/port" token instead.
for ATTACKER_IP in $(dmesg | grep 'Treason uncloaked!' | grep -oE 'Peer [0-9.]+' | awk '{print $2}' | sort --unique)
do
    iptables -A INPUT -s "$ATTACKER_IP" -j DROP
done
Complex script (a dedicated TREASON chain that a cron job rebuilds, so stale blocks are cleared and local addresses are never blocked):
---cut--
iptables -F TREASON
iptables -X TREASON
iptables -N TREASON
... (the rest of your rules)
iptables -A INPUT -j TREASON   # put this line before the ESTABLISHED/RELATED rule, or blocked peers keep their existing connections
---cut--
Then the script below should run from a cron job (at whatever interval you feel fits).
---cut--
#!/bin/bash
# Stupid shell script to stop stupid TCP Treason attacks
# Setup cronjob to stop them
# First, flush and clean Treason rules
iptables -F TREASON
#iptables -X TREASON
#iptables -N TREASON
# Addresses that must never be blocked: route destinations and gateways plus
# this host's own addresses. The awk field list is assumed here (the original
# lost it); the ifconfig parsing assumes classic net-tools "inet addr:1.2.3.4" output.
DONT_BLOCK_LIST=$( (route -n | grep -v Destination | grep -v Kernel | awk '{print $1; print $2}'; \
                    ifconfig -a | grep 'inet addr' | cut -f 2 -d ':' | cut -f 1 -d ' ') | sort | uniq )
# Match the "Peer a.b.c.d:port/port" token instead of a fixed field, so dmesg timestamps don't break it.
for ATTACKER_IP in $(dmesg | grep 'Treason uncloaked!' | grep -oE 'Peer [0-9.]+' | awk '{print $2}' | sort --unique)
do
    FOUNDIT=0
    for DONTBLOCK in $DONT_BLOCK_LIST
    do
        # echo "Checking $DONTBLOCK against $ATTACKER_IP ..."
        if [ "$DONTBLOCK" = "$ATTACKER_IP" ]; then
            # echo "UHOH! Hacker using forged local IP! Don't block it!"
            FOUNDIT=1
        fi
    done
    if [ "$FOUNDIT" = "0" ]; then
        # echo "Hacker IP $ATTACKER_IP not found in don't block list... Dropping"
        iptables -A TREASON -s "$ATTACKER_IP/32" -j DROP
    fi
done
iptables -A TREASON -j RETURN
---cut--
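Both scripts above stand or fall on two things: extracting the peer address correctly from dmesg, and never blocking an address that belongs to this host or its gateway. The following is an added example, not code from the original article: it runs the same extraction over constructed dmesg lines (including the timestamp prefix current dmesg prints and an unrelated kernel line), removes addresses on a constructed allow list, and prints the iptables rules instead of applying them, so the result can be reviewed before it touches a live firewall. The sample log lines, the RFC 5737 documentation addresses and the allow list are all constructed for this example.

```shell
#!/bin/bash
# Added example: dry-run generator for TREASON chain rules.
# Nothing here is from the original article; all inputs are constructed.

# Constructed dmesg output: duplicate peer, several peers, a timestamp prefix,
# and one unrelated kernel message that must be ignored.
SAMPLE_LOG='[  123.456789] TCP: Treason uncloaked! Peer 203.0.113.7:40123/80 shrinks window 76154906:76154907. Repaired.
[  123.456800] TCP: Treason uncloaked! Peer 203.0.113.7:40124/80 shrinks window 76154910:76154911. Repaired.
[  124.000001] TCP: Treason uncloaked! Peer 198.51.100.9:51000/443 shrinks window 1:2. Repaired.
[  125.000001] TCP: Treason uncloaked! Peer 192.0.2.1:2222/22 shrinks window 5:6. Repaired.
[  126.000001] usb 1-1: new high-speed USB device number 2'

# Constructed allow list: addresses that must never be blocked (own address,
# gateway, loopback). On a real host build this from ip/route output.
DONT_BLOCK='192.0.2.1
127.0.0.1'

# treason_peers: read log lines on stdin, print unique peer IPs one per line.
# Matches the "Peer a.b.c.d" token, so a timestamp prefix does not shift fields.
treason_peers() {
    grep 'Treason uncloaked!' | grep -oE 'Peer [0-9]+(\.[0-9]+){3}' | awk '{print $2}' | sort -u
}

# treason_rules: read peer IPs on stdin, print one DROP rule per IP that is not
# in the allow list passed as $1. Prints rules rather than running iptables.
treason_rules() {
    allow="$1"
    while read -r ip; do
        [ -z "$ip" ] && continue
        # Exact whole-line match, so 192.0.2.1 does not also protect 192.0.2.10.
        if printf '%s\n' "$allow" | grep -qxF "$ip"; then
            continue   # never block our own or gateway address, even if spoofed
        fi
        printf 'iptables -A TREASON -s %s/32 -j DROP\n' "$ip"
    done
}

main() {
    printf '%s\n' "$SAMPLE_LOG" | treason_peers | treason_rules "$DONT_BLOCK"
}
main
```

Run as-is it prints two rules, for 198.51.100.9 and 203.0.113.7; 192.0.2.1 is skipped because it is on the allow list, and the duplicate 203.0.113.7 entries collapse into one rule. To use it live, replace SAMPLE_LOG with `dmesg` output and pipe the printed rules into `sh` only after reading them.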