Security Basics mailing list archives
RE: TCP Syn Flooding
From: "Tim Laureska" <hometeam () goeaston net>
Date: Tue, 18 Feb 2003 14:16:37 -0500
The IRC programs pops up in a window when you start the NT box... you can close it down easily enough.... but I'll be darned if I can find where the program is -----Original Message----- From: Chris Santerre [mailto:csanterre () MerchantsOverseas com] Sent: Tuesday, February 18, 2003 2:08 PM To: 'Steve Suehring'; Tim Laureska Cc: security-basics Subject: RE: TCP Syn Flooding You mentioned an IRC program on the NT box. Is it still running or did you kill it? It could be trying to "phone home". Just another idea.
-----Original Message----- From: Steve Suehring [mailto:sec () braingia org] Sent: Tuesday, February 18, 2003 8:57 AM To: Tim Laureska Cc: security-basics Subject: Re: TCP Syn Flooding While I obviously can't guarantee it, I would sincerely doubt that there is a true syn flood taking place sourced in the doubleclick network. What were you doing at the time? Possibly surfing the web? Those source and destination ports look awfully like you were surfing the web and doubleclick's side tried to open a connection to you for their load balancing software. My guess would be that the netgear is picking up a false positive. Searching deja reveals that this may be the case after all: http://groups.google.com/groups?oi=djq&selm=an_523012517 Steve On Sat, Feb 15, 2003 at 09:20:46AM -0500, Tim Laureska wrote:OK. I just installed a Netgear firewall box between a cablemodem and aNT 4.0 server on a small network.. and set it up to emailme attempts atsecurity breaches. I am brand new to these devices and a relative neophyte to internet/internal network security. So the question is this. I received this message a few times yesterday after Iinstalled the box:Fri, 02/14/2003 20:35:01 - TCP connection dropped - Source:205.138.3.201, 80, WAN - Destination:69.2.167.25,20306, LAN -'TCP:Syn Flooding' End of Log ---------- What should I make of this? T.
Current thread:
- RE: TCP Syn Flooding, (continued)
- RE: TCP Syn Flooding Michael Parker (Feb 17)
- RE: TCP Syn Flooding Anomaly (Feb 18)
- Re: TCP Syn Flooding Chris Berry (Feb 17)
- re: TCP Syn Flooding H C (Feb 18)
- RE: TCP Syn Flooding Michael Parker (Feb 18)
- RE: TCP Syn Flooding Fields, James (Feb 18)
- RE: TCP Syn Flooding s7726 (Feb 19)
- RE: TCP Syn Flooding Michael Parker (Feb 19)
- RE: TCP Syn Flooding Hudak, Tyler (Feb 19)
- RE: TCP Syn Flooding Chris Santerre (Feb 19)
- RE: TCP Syn Flooding Tim Laureska (Feb 19)
- RE: TCP Syn Flooding Chris Santerre (Feb 19)
- RE: TCP Syn Flooding Michael Parker (Feb 17)