RE: TCP Syn Flooding

2003-02-20 Thread neopara
m: neopara [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, February 18, 2003 12:32 AM > To: security-basics > Subject: Re: TCP Syn Flooding > > On Sat, 2003-02-15 at 08:20, Tim Laureska wrote: > > OK. I just installed a Netgear firewall box between a cable modem and > a > > NT 4

RE: TCP Syn Flooding

2003-02-19 Thread Chris Santerre
Sent: Tuesday, February 18, 2003 2:17 PM > To: 'Chris Santerre'; 'Steve Suehring' > Cc: 'security-basics' > Subject: RE: TCP Syn Flooding > > > The IRC programs pops up in a window when you start the NT box... you > can close it down easily e

RE: TCP Syn Flooding

2003-02-19 Thread s7726
reska'; security-basics Subject: RE: TCP Syn Flooding You have received a lot of replies to this already, but I have a slightly different take on this. The message says the traffic is sourced from port 80 and coming back to a high port on your end that would normally be in the range used by clien

RE: TCP Syn Flooding

2003-02-19 Thread Chris Santerre
aureska > Cc: security-basics > Subject: Re: TCP Syn Flooding > > > > While I obviously can't guarantee it, I would sincerely doubt > that there > is a true syn flood taking place sourced in the doubleclick > network. What > were you doing at the time? Poss

RE: TCP Syn Flooding

2003-02-19 Thread Tim Laureska
e Suehring'; Tim Laureska Cc: security-basics Subject: RE: TCP Syn Flooding You mentioned an IRC program on the NT box. Is it still running or did you kill it? It could be trying to "phone home". Just another idea. > -Original Message- > From: Steve Suehring [m

RE: TCP Syn Flooding

2003-02-19 Thread Hudak, Tyler
ebruary 15, 2003 9:21 AM To: security-basics Subject: TCP Syn Flooding OK. I just installed a Netgear firewall box between a cable modem and a NT 4.0 server on a small network.. and set it up to email me attempts at security breaches. I am brand new to these devices and a relative neophyte t

RE: TCP Syn Flooding

2003-02-19 Thread Tim Laureska
Uuh... basic question I'm sure but what do you mean by a "signature based alert"? -Original Message- From: neopara [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 18, 2003 12:32 AM To: security-basics Subject: Re: TCP Syn Flooding On Sat, 2003-02-15 at 08:20, Tim Laure

RE: TCP Syn Flooding

2003-02-19 Thread Michael Parker
chael -Original Message- From: Anders Reed Mohn [mailto:[EMAIL PROTECTED]] Sent: February 17, 2003 5:10 PM To: Tim Laureska; security-basics Subject: Re: TCP Syn Flooding > I received this message a few times yesterday after I installed the box: > > > Fri, 02/14/2003 20:35:01 - TCP c

Re: TCP Syn Flooding

2003-02-18 Thread Steve Suehring
While I obviously can't guarantee it, I would sincerely doubt that there is a true syn flood taking place sourced in the doubleclick network. What were you doing at the time? Possibly surfing the web? Those source and destination ports look awfully like you were surfing the web and doublecl

RE: TCP Syn Flooding

2003-02-18 Thread Anomaly
t;Michael Parker" <[EMAIL PROTECTED]> To: "Tim Laureska" <[EMAIL PROTECTED]>, "security-basics" Sent: Mon, 17 Feb 2003 12:38:17 -0500 Subject: RE: TCP Syn Flooding > Sounds like someone was trying to syn flood your system and your firewall did what it was supppos

RE: TCP Syn Flooding

2003-02-18 Thread Fields, James
Original Message- From: Tim Laureska [mailto:[EMAIL PROTECTED]] Sent: Saturday, February 15, 2003 9:21 AM To: security-basics Subject: TCP Syn Flooding OK. I just installed a Netgear firewall box between a cable modem and a NT 4.0 server on a small network.. and set it up to email me attemp

Re: TCP Syn Flooding

2003-02-18 Thread neopara
On Sat, 2003-02-15 at 08:20, Tim Laureska wrote: > OK. I just installed a Netgear firewall box between a cable modem and a > NT 4.0 server on a small network.. and set it up to email me attempts at > security breaches. I am brand new to these devices and a relative > neophyte to internet/internal n

RE: TCP Syn Flooding

2003-02-18 Thread Michael Parker
M To: Michael Parker; Tim Laureska; security-basics Subject: RE: TCP Syn Flooding Sorry if this has been mentioned before, but my email server has been bouncing messages back a lot lately so I have been missing quite a bit from the mailing list. Tracing that IP address is useless if it was an actual

RE: TCP Syn Flooding

2003-02-18 Thread Tim Laureska
, registry, etc) but couldn't find a reference to it... every seen or heard of this? -Original Message- From: Craig Searle [mailto:[EMAIL PROTECTED]] Sent: Monday, February 17, 2003 5:09 PM To: 'Tim Laureska'; 'security-basics' Subject: RE: TCP Syn Flooding Prob

re: TCP Syn Flooding

2003-02-18 Thread H C
Try going to the NetGear site and see if you can find out what they define a SYN Flood as...what triggered the alert. For instance, is it 5 TCP SYN packets in a second, or 2 seconds, or what? __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Val

Re: TCP Syn Flooding

2003-02-18 Thread Anders Reed Mohn
> I received this message a few times yesterday after I installed the box: > > > Fri, 02/14/2003 20:35:01 - TCP connection dropped - > Source:205.138.3.201, 80, WAN - Destination:69.2.167.25, 20306, LAN - > 'TCP:Syn Flooding' End of Log -- > > What should I make of this? > Not sure, Tim,

RE: TCP Syn Flooding

2003-02-18 Thread Tim Laureska
M To: 'Tim Laureska'; 'security-basics' Subject: RE: TCP Syn Flooding Its just a 'script kiddie' trying a DoS attack- I wouldn't really worry if I were you. Your firewall has picked it up and stopped any problems. If you are still concerned you want to co

RE: TCP Syn Flooding

2003-02-18 Thread Craig Searle
er, except where the sender expressly, and with authority, states them to be the opinions of SIFT Pty Ltd. -Original Message- From: Tim Laureska [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 18 February 2003 08:58 AM To: 'Craig Searle'; 'security-basics' Subject: RE: TCP S

RE: TCP Syn Flooding

2003-02-18 Thread Craig Searle
ssed in this message are those of the individual sender, except where the sender expressly, and with authority, states them to be the opinions of SIFT Pty Ltd. -Original Message- From: Tim Laureska [mailto:[EMAIL PROTECTED]] Sent: Sunday, 16 February 2003 01:21 AM To: security-basics Subje

Re: TCP Syn Flooding

2003-02-17 Thread Ivan Hernandez
If it comes ALWAYS from the same source try to identify who or what it is and if it isn't somthing that you need in your life, block it permanently. Ivan Hernandez Tim Laureska wrote: OK. I just installed a Netgear firewall box between a cable modem and a NT 4.0 server on a small network.. and

Re: TCP Syn Flooding

2003-02-17 Thread Matt Thoene
On Saturday, February 15, 2003 @ 6:20:46 AM [-0700], Tim Laureska wrote: > Fri, 02/14/2003 20:35:01 - TCP connection dropped - > Source:205.138.3.201, 80, WAN - Destination:69.2.167.25, 20306, LAN - > 'TCP:Syn Flooding' End of Log -- > What should I make of this? Well, you it _might_ be

Re: TCP Syn Flooding

2003-02-17 Thread Chris Berry
From: "Tim Laureska" <[EMAIL PROTECTED]> OK. I just installed a Netgear firewall box between a cable modem and a NT 4.0 server on a small network.. and set it up to email me attempts at security breaches. I am brand new to these devices and a relative neophyte to internet/internal network security.

RE: TCP Syn Flooding

2003-02-17 Thread Michael Parker
ilto:[EMAIL PROTECTED]] Sent: February 15, 2003 9:21 AM To: security-basics Subject: TCP Syn Flooding OK. I just installed a Netgear firewall box between a cable modem and a NT 4.0 server on a small network.. and set it up to email me attempts at security breaches. I am brand new to these devices a

TCP Syn Flooding

2003-02-17 Thread Tim Laureska
OK. I just installed a Netgear firewall box between a cable modem and a NT 4.0 server on a small network.. and set it up to email me attempts at security breaches. I am brand new to these devices and a relative neophyte to internet/internal network security. So the question is this. I received t