Security Basics mailing list archives
Re: TCP Syn Flooding
From: Steve Suehring <sec () braingia org>
Date: Tue, 18 Feb 2003 07:56:53 -0600
While I obviously can't guarantee it, I would sincerely doubt that there is a true SYN flood taking place sourced in the doubleclick network. What were you doing at the time? Possibly surfing the web? Those source and destination ports look awfully like you were surfing the web and doubleclick's side tried to open a connection to you for their load balancing software. My guess would be that the Netgear is picking up a false positive.

Searching Deja reveals that this may be the case after all:

http://groups.google.com/groups?oi=djq&selm=an_523012517

Steve

On Sat, Feb 15, 2003 at 09:20:46AM -0500, Tim Laureska wrote:
OK. I just installed a Netgear firewall box between a cable modem and an NT 4.0 server on a small network, and set it up to email me attempts at security breaches. I am brand new to these devices and a relative neophyte to internet/internal network security.

So the question is this. I received this message a few times yesterday after I installed the box:

Fri, 02/14/2003 20:35:01 - TCP connection dropped - Source:205.138.3.201, 80, WAN - Destination:69.2.167.25, 20306, LAN - 'TCP:Syn Flooding'
End of Log ----------

What should I make of this?

T.
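The port reasoning in the reply above can be applied mechanically to a batch of these alerts. The following is an added example, not part of the original thread: it parses the log format quoted above and labels each entry. The label names, the `WEB_PORTS` set and the 1024 port cut-off are assumptions chosen for illustration, and the second and third sample lines are constructed.

```python
import re

# Field layout taken from the log entry quoted in the thread.
ENTRY = re.compile(
    r"^(?P<ts>\w{3}, \d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) - (?P<event>.+?) - "
    r"Source:(?P<src>[\d.]+), (?P<sport>\d+), (?P<sif>\w+) - "
    r"Destination:(?P<dst>[\d.]+), (?P<dport>\d+), (?P<dif>\w+) - "
    r"'(?P<rule>[^']*)'"
)
WEB_PORTS = {80, 443}  # assumption: source ports treated as "web server"

def parse(line):
    """Return the entry's fields as a dict, or None if the line does not match."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["sport"], entry["dport"] = int(entry["sport"]), int(entry["dport"])
    return entry

def triage(entry):
    """Heuristic label (assumed names) based on direction and port pair."""
    inbound = entry["sif"] == "WAN" and entry["dif"] == "LAN"
    # Web port -> high client port: looks like traffic tied to outbound browsing.
    if inbound and entry["sport"] in WEB_PORTS and entry["dport"] >= 1024:
        return "likely-web-reply"
    # Anything from the WAN aimed at a low (service) port deserves a closer look.
    if inbound and entry["dport"] < 1024:
        return "inbound-to-service-port"
    return "unclassified"

SAMPLE = [
    # Entry quoted in the thread.
    "Fri, 02/14/2003 20:35:01 - TCP connection dropped - Source:205.138.3.201, "
    "80, WAN - Destination:69.2.167.25, 20306, LAN - 'TCP:Syn Flooding'",
    # Constructed entry (documentation addresses) aimed at a service port.
    "Fri, 02/14/2003 20:36:10 - TCP connection dropped - Source:198.51.100.7, "
    "40000, WAN - Destination:203.0.113.10, 80, LAN - 'TCP:Syn Flooding'",
    "End of Log ----------",  # trailer line, not an entry
]

def summarize(lines):
    """Return a (source address, label) pair for every line."""
    results = []
    for line in lines:
        entry = parse(line)
        results.append((entry["src"], triage(entry)) if entry else (None, "unparsed"))
    return results

if __name__ == "__main__":
    for src, label in summarize(SAMPLE):
        print(src, label)
```
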