Dear Seymour,
In the last century the Internet became aware of a new
style of attack on websites - "Sequence Number Guessing."
Successful attacks left the system wide open for root
access from anywhere on the Internet. A side effect of
the attack is that a trusted system would ignore any
packets received on the port that services remote log-in
requests.
The TCP SYN Flooding attack consists of a tool that only
implements one portion of the Sequence Number Guessing
attack, with a completely different focus.
TCP SYN Flooding causes servers to quit responding to
requests to open new connections with clients -- a denial
of service attack. Denial of service attacks prevent
people from using the affected system or networks. These
attacks usually proceed by overloading the target in some
fashion. For example, simply sending large ping packets
can fill up a website's connection to the Internet.
Illegally large ping packets (easily generated by pre-
21st Century Microsoft products) can cause some systems
to crash or reboot.
It's not a direct concern of yours. But it is a concern
to your ISP, and thus to you and all its users.
Hope this helps.
>-----Original Message-----
>In my log is this:
>
>2004/06/06 23:29:52 ** TCP SYN Flooding ** <IP/TCP> 65.58.240.149:80 ->> xx.xxx.xxx.xxx:1768
>
>2004/06/06 23:30:10 ** TCP SYN Flooding ** <IP/TCP> xxx.xxx.x.xx:1851 ->> 65.58.240.149:80
>
>2004/06/06 23:30:38 ** TCP SYN Flooding ** <IP/TCP> 65.58.240.149:80 ->> xx.xxx.xxx.xxx:1927
>
>From doing the "netstat -n -p tcp" from the DOS command prompt, and
>a whois of one of the addresses, it's an address of my ISP. The "state"
>was shown as "established".
>
>There was another connection to that was from my own base station's IP
>to itself. State for that one was "close_wait".
>
>Is this a concern? I'm guessing it happens all the time. Why me?

>
>--
>-----<snip>-----
>Cut the snippy to reply in email.
>.
>
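
An added example, not part of the original messages: a small triage script for alert lines in the format quoted above, grouping them by remote host and noting which side of each flow holds the well-known service port. The sample lines are constructed (documentation-range addresses, with a fourth line added for contrast), `local_ip` is a hypothetical parameter, and treating ports below 1024 as the service side is a heuristic assumed here, not something the router log states.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the format quoted in the message
# (addresses are from documentation ranges, not from the original log).
SAMPLE_LOG = """\
2004/06/06 23:29:52 ** TCP SYN Flooding ** <IP/TCP> 198.51.100.7:80 ->> 192.0.2.10:1768
2004/06/06 23:30:10 ** TCP SYN Flooding ** <IP/TCP> 192.0.2.10:1851 ->> 198.51.100.7:80
2004/06/06 23:30:38 ** TCP SYN Flooding ** <IP/TCP> 198.51.100.7:80 ->> 192.0.2.10:1927
2004/06/06 23:31:02 ** TCP SYN Flooding ** <IP/TCP> 203.0.113.9:4312 ->> 192.0.2.10:23
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \*\* (?P<alert>.+?) \*\* <IP/TCP> "
    r"(?P<src>[\w.]+):(?P<sport>\d+) ->> (?P<dst>[\w.]+):(?P<dport>\d+)$"
)

def parse(text):
    """Yield one dict per well-formed alert line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S")
            d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
            yield d

def triage(text, local_ip, low_port=1024):
    """Group alerts by remote host and note which side holds the service port."""
    summary = defaultdict(lambda: {"count": 0, "remote_service": 0, "local_service": 0})
    for a in parse(text):
        outbound = a["src"] == local_ip
        remote = a["dst"] if outbound else a["src"]
        rport, lport = (a["dport"], a["sport"]) if outbound else (a["sport"], a["dport"])
        s = summary[remote]
        s["count"] += 1
        if rport < low_port <= lport:
            s["remote_service"] += 1   # heuristic: local side is the client
        elif lport < low_port:
            s["local_service"] += 1    # heuristic: aimed at a local listening service
    return dict(summary)

if __name__ == "__main__":
    for host, stats in triage(SAMPLE_LOG, "192.0.2.10").items():
        print(host, stats)
```

Alerts counted under `remote_service` involve a remote port 80 and a high-numbered local port, the shape of the three entries in the quoted log; alerts under `local_service` are the ones worth checking against what the machine actually listens on.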