RE: TCP Syn Flooding

["Craig Searle" <craig.searle () sift com au>]

Its just a 'script kiddie' trying a DoS attack- I wouldn't really worry if I
were you. Your firewall has picked it up and stopped any problems.

If you are still concerned you want to consider setting your firewall to
block that IP altogether.

Craig Searle
SIFT Pty Ltd
www.sift.com.au

P (02) 9236 7276
F (02) 9236 7271
M 0402 914 077
E craig.searle () sift com au

Level 67, MLC Centre,
Martin Place, Sydney NSW 2000

[ABN 42 094 359 743]

This correspondence is for the named person's use only. It may contain
confidential or legally privileged information or both. No confidentiality
or privilege is waived or lost by any mistransmission. If you receive this
correspondence in error, please immediately delete it from your system and
notify the sender. You must not disclose, copy or rely on any part of this
correspondence if you are not the intended recipient. Any opinions expressed
in this message are those of the individual sender, except where the sender
expressly, and with authority, states them to be the opinions of SIFT Pty
Ltd.



-----Original Message-----
From: Tim Laureska [mailto:hometeam () goeaston net] 
Sent: Sunday, 16 February 2003 01:21 AM
To: security-basics
Subject: TCP Syn Flooding


OK. I just installed a Netgear firewall box between a cable modem and a NT
4.0 server on a small network.. and set it up to email me attempts at
security breaches. I am brand new to these devices and a relative neophyte
to internet/internal network security.  So the question is this. 

I received this message a few times yesterday after I installed the box:


Fri, 02/14/2003 20:35:01 - TCP connection dropped - Source:205.138.3.201,
80, WAN - Destination:69.2.167.25, 20306, LAN - 'TCP:Syn Flooding' End of
Log ----------

What should I make of this?
 
T.