Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

SYN Flooding

  • 28-04-2004 9:46pm
    #1
    Squall
    Registered Users, Registered Users 2 Posts: 1,345 ✭✭✭


    My router logged this from earlier tonight. Ive noticed these have happened a few times in the past. Anyone got any advice on how to stop them?

    2004/04/28 21:00:56 ** TCP SYN Flooding ** <IP/TCP> 194.46.85.169:4415 ->> 194.xx.xx.xxx:xxx


Comments

  • #2
    Cake Fiend
    Registered Users, Registered Users 2 Posts: 5,335 ✭✭✭Cake Fiend


    Are the floods always sent from the same IP?
    Always to the same port?
    How long do the attacks last?

    It's a bit of an odd one - if someone is SYN flooding you, they're deliberately trying to DOS your connection. That wouldn't serve any useful purpose, unless this person has something against you (i.e. knows you from somewhere).

    If the floods are always sent to the same port, you could see if you can tell your router to block/stealth that port. It wouldn't make much sense to SYN flood one particular port though, unless it was a web server or some such (i.e. you couldn't close/hide the port).

    If the floods don't last very long, it's quite possible that it's not an attack.


  • #3
    flav0rflav
    Registered Users, Registered Users 2 Posts: 491 ✭✭flav0rflav


    It's most likely someone doing a network scan for open ports, randomly across an address range.

    Make sure your firewall is configured correctly and any open ports are secure, ie. no default passwords.


  • #4
    Squall
    Registered Users, Registered Users 2 Posts: 1,345 ✭✭✭Squall


    It's most likely someone doing a network scan for open ports, randomly across an address range.

    This looks like the most likely suspect alright. Several more here from this morning. Attack was from a different IP and also I was on a different IP(bb service with dynamic IP address). Also several ports were attacked and only for a short period. Still pretty annoying as it causes loss of connection and means I have to release IP address.

    2004/04/29 10:10:52 ** TCP SYN Flooding ** <IP/TCP> 194.46.85.203:1766 ->> 194.xx.xx.xx:3127
    2004/04/29 10:10:52 ** TCP SYN Flooding ** <IP/TCP> 194.46.85.203:1767 ->> 194.xx.xx.xx:6129
    2004/04/29 10:10:53 ** TCP SYN Flooding ** <IP/TCP> 194.46.85.203:1769 ->> 194.xx.xx.xx:80
    2004/04/29 10:10:54 ** TCP SYN Flooding ** <IP/TCP> 194.46.85.203:1764 ->> 194.xx.xx.xx:1025
    2004/04/29 10:10:54 ** TCP SYN Flooding ** <IP/TCP> 194.46.85.203:1764 ->> 194.xx.xx.xx:1025
    2004/04/29 10:10:55 ** TCP SYN Flooding ** <IP/TCP> 194.46.85.203:1765 ->> 194.xx.xx.xx:445
    2004/04/29 10:10:56 ** TCP SYN Flooding ** <IP/TCP> 194.46.85.203:1763 ->> 194.xx.xx.xx135
    2004/04/29 10:10:56 ** TCP SYN Flooding ** <IP/TCP> 194.46.85.203:1767 ->> 194.xx.xx.xx:6129
    2004/04/29 10:11:01 ** TCP SYN Flooding ** <IP/TCP> 194.46.85.203:1765 ->> 194.xx.xx.xx:445
    2004/04/29 10:11:01 ** TCP SYN Flooding ** <IP/TCP> 194.46.85.203:1764 ->> 194.xx.xx.xx:1025
    2004/04/29 10:11:02 ** TCP SYN Flooding ** <IP/TCP> 194.46.85.203:1762 ->> 194.xx.xx.xx:2745
    2004/04/29 10:11:03 ** TCP SYN Flooding ** <IP/TCP> 194.46.85.203:1767 ->> 194.xx.xx.xx:6129


  • #5
    deimos
    Closed Accounts Posts: 210 ✭✭deimos


    just somebody portscanning you, dont worry


Advertisement