Security Basics mailing list archives
Re: TCP Syn Flooding
From: "Chris Berry" <compjma () hotmail com>
Date: Mon, 17 Feb 2003 10:19:11 -0800
From: "Tim Laureska" <hometeam () goeaston net> OK. I just installed a Netgear firewall box between a cable modem and a NT 4.0 server on a small network.. and set it up to email me attempts at security breaches. I am brand new to these devices and a relative neophyte to internet/internal network security. So the question is this. I received this message a few times yesterday after I installed the box: Fri, 02/14/2003 20:35:01 - TCP connection dropped - Source:205.138.3.201, 80, WAN - Destination:69.2.167.25, 20306, LAN - 'TCP:Syn Flooding' End of Log ---------- What should I make of this?
That your firewall is doing it's job, and that you were right to install one. You firewall is telling you that someone attempted a syn flood. Basically they're violating the tcp three way handshake by sending repeated syn packets in the hopes that it will create a denial of service condition on your server, and possibly cause a stack crash which would allow priveledge escalation. The message is saying that it was detected and the connection dropped to prevent further meddling on their part.
Chris Berry compjma () hotmail com Systems Administrator JM Associates "Quick, easy, or cheap; pick any two." _________________________________________________________________The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
Current thread:
- RE: TCP Syn Flooding, (continued)
- RE: TCP Syn Flooding Craig Searle (Feb 18)
- RE: TCP Syn Flooding Tim Laureska (Feb 18)
- Re: TCP Syn Flooding Anders Reed Mohn (Feb 18)
- Re: TCP Syn Flooding neopara (Feb 18)
- RE: TCP Syn Flooding Tim Laureska (Feb 19)
- RE: TCP Syn Flooding neopara (Feb 20)
- Windows auditing eric (Feb 22)
- RE: TCP Syn Flooding Tim Laureska (Feb 19)
- RE: TCP Syn Flooding Anomaly (Feb 18)
- RE: TCP Syn Flooding s7726 (Feb 19)
- RE: TCP Syn Flooding Tim Laureska (Feb 19)