Help! Router failures coinciding with SYN Flood entries in the logs

All,

Hope someone can help as I am a complete networking noob and this
problem giving me a real headache!

I have a Belkin 7630 (latest firmware, 9/8/2004) connected to f2s on a
static IP which just recently has started to lose connection seemingly
randomly.

Sometimes a disconnect/reconnect solves the problem, sometimes a soft
restart and a couple of times its needed a cold restart to fix it.

It happened again earlier and I had the bright idea to look in the log
(dur!) and discovered that the drop-outs coincided with SYN Flood
entries every time:

11/23/2005 19:59:48 **SYN Flood** x.x.x.x, x->> y.y.y.y, y (from ATM1
Inbound)

Now, I know that it is a BitTorrent peer causing the problem due to
the custom port I use but my question is, what can I do about it?

A few nights ago it happened repeatedly so many times as to make my
connection unusable. A quick google revealed a post on DSLReports.com
(http://www.dslreports.com/forum/remark,12852792) advising to access
the firewall_spi_h.stm page on the router and change the following
settings from 10 to 11:

Connection Policy > Fragmentation half-open wait (I guess it means
this one as it is the only other one set to 10 by default)

and

DoS Detect Criteria > Maximum incomplete TCP/UDP sessions number from
same host

Will this actually help...? What else can I do...?

TIA
--

Shevek

iTunesRegistry.com: 4,199 tracks, 2.968 diversity
http://www.itunesregistry.com/ reports/reports.php?showuser=2 011

Get DigiGuide - a downloadable desktop PC TV and Radio Guide
http://getdigiguide.com/?p=1&r =31493

Get Firefox!
http://www.spreadfirefox.com/? q=affiliates&id=8681&t=1

On Wed, 23 Nov 2005 21:03:37 +0000, Shevek <(E-Mail Removed)> wrote:

>All,

>11/23/2005 19:59:48 **SYN Flood** x.x.x.x, x->> y.y.y.y, y (from ATM1
>Inbound)
>
>Now, I know that it is a BitTorrent peer causing the problem due to
>the custom port I use but my question is, what can I do about it?

I suggest configuring your router to be a good internet citizen and send
back an RST, if its not already.
--
"Access to a waiting list is not access to health care"

On Wed, 23 Nov 2005 21:56:42 +0000, Greg Hennessy <(E-Mail Removed)>
wrote:

>On Wed, 23 Nov 2005 21:03:37 +0000, Shevek <(E-Mail Removed)> wrote:
>
>>All,
>
>>11/23/2005 19:59:48 **SYN Flood** x.x.x.x, x->> y.y.y.y, y (from ATM1
>>Inbound)
>>
>>Now, I know that it is a BitTorrent peer causing the problem due to
>>the custom port I use but my question is, what can I do about it?
>
>I suggest configuring your router to be a good internet citizen and send
>back an RST, if its not already.

erm, what's that then...?!?
--

Shevek

iTunesRegistry.com: 4,199 tracks, 2.968 diversity
http://www.itunesregistry.com/ reports/reports.php?showuser=2 011

Get DigiGuide - a downloadable desktop PC TV and Radio Guide
http://getdigiguide.com/?p=1&r =31493

Get Firefox!
http://www.spreadfirefox.com/? q=affiliates&id=8681&t=1

On Wed, 23 Nov 2005 22:33:11 +0000, Shevek <(E-Mail Removed)> wrote:


>>>Now, I know that it is a BitTorrent peer causing the problem due to
>>>the custom port I use but my question is, what can I do about it?
>>
>>I suggest configuring your router to be a good internet citizen and send
>>back an RST, if its not already.
>
>erm, what's that then...?!?


It means 'unstealth' your router by configuring it to send back TCP resets
and ICMP unreachables as a response to incoming unwanted connections.

This will politely tell the connecting endpoint to go away rather than just
dropping the connection to the floor.



greg
--
"Access to a waiting list is not access to health care"

On Wed, 23 Nov 2005 23:34:43 +0000, Greg Hennessy <(E-Mail Removed)>
wrote:

>On Wed, 23 Nov 2005 22:33:11 +0000, Shevek <(E-Mail Removed)> wrote:
>
>
>>>>Now, I know that it is a BitTorrent peer causing the problem due to
>>>>the custom port I use but my question is, what can I do about it?
>>>
>>>I suggest configuring your router to be a good internet citizen and send
>>>back an RST, if its not already.
>>
>>erm, what's that then...?!?
>
>
>It means 'unstealth' your router by configuring it to send back TCP resets
>and ICMP unreachables as a response to incoming unwanted connections.
>
>This will politely tell the connecting endpoint to go away rather than just
>dropping the connection to the floor.
>

Is that possible with my Belkin 7630...?

>
>
>greg
--

Shevek

iTunesRegistry.com: 4,199 tracks, 2.968 diversity
http://www.itunesregistry.com/ reports/reports.php?showuser=2 011

Get DigiGuide - a downloadable desktop PC TV and Radio Guide
http://getdigiguide.com/?p=1&r =31493

Get Firefox!
http://www.spreadfirefox.com/? q=affiliates&id=8681&t=1

On Wed, 23 Nov 2005 21:03:37 +0000, Shevek <(E-Mail Removed)> wrote:

>All,
>
>Hope someone can help as I am a complete networking noob and this
>problem giving me a real headache!
>
>I have a Belkin 7630 (latest firmware, 9/8/2004) connected to f2s on a
>static IP which just recently has started to lose connection seemingly
>randomly.

>11/23/2005 19:59:48 **SYN Flood** x.x.x.x, x->> y.y.y.y, y (from ATM1

I had a similar problem with my 3Com wireless router.
I use eMule and about once a day the router would hang with SYN Flood
message in the log.
On the 3Com I went to the Firewall settings and changed it from
'maximum' to 'minimum' which seems to have stopped the problem.
I think the firewall was being a bit too aggresive in it's checking
and throwing a wobbler when it didn't need to.

(of course I'm now probably blissfully unaware of network intrusions!
- but I do have software firewalls on my PCs anyway)

HTH

On Thu, 24 Nov 2005 00:39:31 +0000, Shevek <(E-Mail Removed)> wrote:

>On Wed, 23 Nov 2005 23:34:43 +0000, Greg Hennessy <(E-Mail Removed)>
>wrote:
>
>>On Wed, 23 Nov 2005 22:33:11 +0000, Shevek <(E-Mail Removed)> wrote:
>>
>>
>>>>>Now, I know that it is a BitTorrent peer causing the problem due to
>>>>>the custom port I use but my question is, what can I do about it?
>>>>
>>>>I suggest configuring your router to be a good internet citizen and send
>>>>back an RST, if its not already.
>>>
>>>erm, what's that then...?!?
>>
>>
>>It means 'unstealth' your router by configuring it to send back TCP resets
>>and ICMP unreachables as a response to incoming unwanted connections.
>>
>>This will politely tell the connecting endpoint to go away rather than just
>>dropping the connection to the floor.
>>
>
>Is that possible with my Belkin 7630...?
>

I have no idea, time for you to RTFM.
--
"Access to a waiting list is not access to health care"