Tilted Forum Project Discussion Community

Tilted Forum Project Discussion Community (https://thetfp.com/tfp/)
-   Tilted Technology (https://thetfp.com/tfp/tilted-technology/)
-   -   TCP SYN Flooding (https://thetfp.com/tfp/tilted-technology/52000-tcp-syn-flooding.html)

Zello 04-10-2004 11:44 AM
TCP SYN Flooding
 
My friend was getting this yesterday and he didnt have logging on his router so from the best I could do (netstat at time of attack and afterwards) it seemed that vigilance.phaseburn.net was responsible.

Anyway today I found a lot of these in my router's logs...

2004/04/10 01:19:08 ** TCP SYN Flooding ** <IP/TCP> 66.101.19.2:45483 ->> 12.221.234.180:411

First IP address is his.

That IP address translates into shazbot.phaseburn.net

Anyway, I contacted the owner of phaseburn.net. And I sent him my logs. He replied with this...

Quote:
Well, vigilance.phaseburn.net is a public IRC server with anywhere
between 5 to 8 thousand users on it...

It's also not capable of synflooding anybody due to the fact that it can
only send/receive SYN's to/from port 6667, the server linking port for
the network it's on, and port 22 from a selected /24. So if they're
getting syn floods from vigilance, it's definatly spoofed.

That makes me think that your logs may also be of spoofed IPs. Just to
be safe, I've -j DROP'd all data packets from shazbot going to your
IP... while I can't guarantee it will help, or that it won't, it's the
best I can do at the moment. I don't see anything on either server that
could cause this...
So does anyone have any ideas?
Mainly, I'm wondering about if it is possible that someone spoofed his IP with theirs?

JohnnyRoyale 04-10-2004 04:29 PM
There's an old backdoor virus called backage, that used port 411. Most likely, the infected computer was spoofing it's source IP. You might try looking up backage on one of the security webistes, like symantec, or Mcaffee.

yotta 04-24-2004 01:08 AM
It's internet background noise, ignore it. If you were being syn flooded, you probably would not be able to post.


All times are GMT -8. The time now is 11:04 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
© 2002-2012 Tilted Forum Project


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73