"Syn Port Attack"????
#1
Dear all,
Can any computer wizard educate me and tell me what a "Syn Port Attack" is?
I keep getting a warning message from my McAfee firewall telling me that it has interrupted one of these. It happens approximately every 20-30 minutes.
I access the internet using broadband through Blueyonder - does this have any bearing on things?
Cheers
Simon
#2
Scooby Senior
Pretty good description here http://www.cert.org/advisories/CA-1996-21.html
If the firewall is alerting then it's doing its job. You should be able to change your setting so that you don't receive this type of alert.
#3
Scooby Senior
Jack,
Thanks for that very interesting pointer.
Presumably these "attacks" are similar to what my NPF is picking up (and blocking) - logfile example below. No bloody wonder the Internet is crawling these days, I get loads of the buggers.
Cheers,
mb
---Firewall log entry---
TCP non-syn/non-ack packet on invalid connection. Packet has been dropped
Source IP address: www-cache.demon.co.uk(xxx.xxx.xxx.xxx)
Destination IP address: XXX(xxx.xxx.xxx.xxx)
TCP Source Port: http-proxy(8080)
TCP Destination Port: 1742
TCP Message Flags: 0x00000004
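Added example, not part of the original posts: decoding the "TCP Message Flags" field of a log entry in the format quoted in post #3. The value 0x04 is a lone RST, not the SYN that opens a connection. The parser, the classification labels and the second sample entry are assumptions of this example; addresses stay masked as on the page.

```python
# TCP flag bits from the TCP header (RFC 793), lowest bit first.
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

# Entry copied from the post above (addresses masked there too).
SAMPLE_RST = """---Firewall log entry---
TCP non-syn/non-ack packet on invalid connection. Packet has been dropped
Source IP address: www-cache.demon.co.uk(xxx.xxx.xxx.xxx)
Destination IP address: XXX(xxx.xxx.xxx.xxx)
TCP Source Port: http-proxy(8080)
TCP Destination Port: 1742
TCP Message Flags: 0x00000004"""

# Constructed entry (not from the thread) showing a bare SYN for contrast.
SAMPLE_SYN = """Source IP address: host.example(xxx.xxx.xxx.xxx)
TCP Destination Port: 139
TCP Message Flags: 0x00000002"""

def decode_flags(value):
    """Return the names of the flag bits set in a TCP flags value."""
    return [name for bit, name in TCP_FLAGS if value & bit]

def parse_entry(text):
    """Parse the 'Key: value' lines of one log entry into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if sep:  # lines without a colon (banner, summary) are skipped
            fields[key.strip()] = val.strip()
    return fields

def classify(entry):
    """Label an entry by its flags (labels are this example's own)."""
    flags = set(decode_flags(int(entry["TCP Message Flags"], 16)))
    if flags == {"SYN"}:
        return "connection attempt (what a SYN scan or flood sends)"
    if "RST" in flags:
        return "reset for a connection the firewall no longer tracks"
    if not flags or {"SYN", "FIN"} <= flags:
        return "invalid flag combination"
    return "other out-of-state packet"

if __name__ == "__main__":
    for sample in (SAMPLE_RST, SAMPLE_SYN):
        entry = parse_entry(sample)
        flags = decode_flags(int(entry["TCP Message Flags"], 16))
        print(entry["TCP Message Flags"], flags, "->", classify(entry))
```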
#4
Scooby Senior
From the Symantec Knowledge Base:
"This message indicates that NIS detected an incoming communication that does not include required information to make it valid. Invalid communications are usually caused by corruption of the information before it reached your computer, such as through telephone lines that have a lot of interference. Or, the communication is from a hacker or a spyware program."
Sounds about right. I'd say over 50% of traffic on the internet is illegal or should be.
#5
Scooby Regular
Yep - I reckon JC is about right. It still amazes me that people connect to the Internet without taking any precautions. I watched a live demonstration at Infosec last week, where a guy cracked a website running on a fully patched 'secure' server, protected by a firewall. Quite scary when you see it being done in front of you.
Simon - just be pleased that your firewall is doing its job. Some other mug won't be so lucky. Most of what you are seeing is probably automated scanners and programs used by script kiddies and the like. To be honest, if someone really wanted to hack your machine and you were unlucky enough to be targeted by someone who really knows what they are doing (highly unlikely, to be honest, as they have bigger targets to hit), then there isn't much you could do.
Chris
Last edited by Chris L; 02 May 2004 at 10:31 PM.
#6
Scooby Regular
Bloody "SYN floods" have a nasty habit of filling up the routing tables and thereby hanging my 3com router/firewall. Only resolution is a reboot.