Tilted Forum Project Discussion Community  

Old 04-10-2004, 11:44 AM   #1 (permalink)
Crazy
 
Location: Vincennes, IN
TCP SYN Flooding

My friend was getting this yesterday and he didn't have logging on his router, so from the best I could do (netstat at time of attack and afterwards) it seemed that vigilance.phaseburn.net was responsible.

Anyway today I found a lot of these in my router's logs...

2004/04/10 01:19:08 ** TCP SYN Flooding ** <IP/TCP> 66.101.19.2:45483 ->> 12.221.234.180:411

First IP address is his.

That IP address translates into shazbot.phaseburn.net

Anyway, I contacted the owner of phaseburn.net. And I sent him my logs. He replied with this...

Quote:
Well, vigilance.phaseburn.net is a public IRC server with anywhere
between 5 to 8 thousand users on it...

It's also not capable of synflooding anybody due to the fact that it can
only send/receive SYN's to/from port 6667, the server linking port for
the network it's on, and port 22 from a selected /24. So if they're
getting syn floods from vigilance, it's definitely spoofed.

That makes me think that your logs may also be of spoofed IPs. Just to
be safe, I've -j DROP'd all data packets from shazbot going to your
IP... while I can't guarantee it will help, or that it won't, it's the
best I can do at the moment. I don't see anything on either server that
could cause this...

So does anyone have any ideas?
Mainly, I'm wondering if it is possible that someone spoofed his IP with theirs?
__________________
Sorry, you can not add yourself to your own list.
Zello is offline  
Old 04-10-2004, 04:29 PM   #2 (permalink)
Psycho
 
Location: Boston, MAss., USA
There's an old backdoor virus called backage that used port 411. Most likely, the infected computer was spoofing its source IP. You might try looking up backage on one of the security websites, like Symantec or McAfee.
__________________
I'm gonna be rich and famous, as soon I invent a device that lets you stab people in the face over the internet.
JohnnyRoyale is offline  
Old 04-24-2004, 01:08 AM   #3 (permalink)
Irresponsible
 
It's internet background noise, ignore it. If you were being syn flooded, you probably would not be able to post.
__________________
I am Jack's signature.
yotta is offline  
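
An added example, not part of the thread: a small Python summary of router alerts in the format quoted in the first post, counting entries per logged source, per destination port, and in the busiest minute, which is the information needed to tell occasional stray SYNs from a sustained flood. Only the first sample line comes from the thread; the other lines, the function names and the report layout are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Pattern follows the router log line quoted in the first post.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \*\* TCP SYN Flooding \*\* "
    r"<IP/TCP> (?P<src>[\d.]+):(?P<sport>\d+) ->> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample input: line 1 is the one quoted in the thread; the rest
# are made up (documentation address ranges, an unrelated log entry).
SAMPLE_LOG = """\
2004/04/10 01:19:08 ** TCP SYN Flooding ** <IP/TCP> 66.101.19.2:45483 ->> 12.221.234.180:411
2004/04/10 01:19:09 ** TCP SYN Flooding ** <IP/TCP> 66.101.19.2:45484 ->> 12.221.234.180:411
2004/04/10 01:19:40 ** TCP SYN Flooding ** <IP/TCP> 192.0.2.77:1029 ->> 12.221.234.180:411
2004/04/10 01:20:02 ** TCP SYN Flooding ** <IP/TCP> 66.101.19.2:45490 ->> 12.221.234.180:411
2004/04/10 03:02:11 Admin login from 192.168.1.2
2004/04/10 07:45:30 ** TCP SYN Flooding ** <IP/TCP> 198.51.100.9:3341 ->> 12.221.234.180:6667
"""


def parse_alerts(text):
    """Return one dict per SYN-flood alert line; other log lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue
        alerts.append({
            "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "src": m["src"],
            "dport": int(m["dport"]),
        })
    return alerts


def summarize(alerts):
    """Count alerts per logged source and destination port; find the busiest minute."""
    by_src = Counter(a["src"] for a in alerts)  # logged source only; it may be spoofed
    by_dport = Counter(a["dport"] for a in alerts)
    per_minute = Counter(a["time"].replace(second=0) for a in alerts)
    peak_minute, peak = per_minute.most_common(1)[0] if per_minute else (None, 0)
    return {"by_src": by_src, "by_dport": by_dport,
            "peak_minute": peak_minute, "peak_per_minute": peak}


if __name__ == "__main__":
    print(summarize(parse_alerts(SAMPLE_LOG)))
```

The per-source count reflects only the address written in the packet header, so, as the quoted reply in the first post points out, it cannot by itself show who sent the traffic.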
 

Tags
flooding, syn, tcp


All times are GMT -8.
