|
04-10-2004, 11:44 AM
|
#1 (permalink) | |
|
Crazy
Location: Vincennes, IN
|
TCP SYN Flooding
My friend was getting this yesterday and he didnt have logging on his router so from the best I could do (netstat at time of attack and afterwards) it seemed that vigilance.phaseburn.net was responsible.
Anyway today I found a lot of these in my router's logs... 2004/04/10 01:19:08 ** TCP SYN Flooding ** <IP/TCP> 66.101.19.2:45483 ->> 12.221.234.180:411 First IP address is his. That IP address translates into shazbot.phaseburn.net Anyway, I contacted the owner of phaseburn.net. And I sent him my logs. He replied with this... Quote:
Mainly, I'm wondering about if it is possible that someone spoofed his IP with theirs?
__________________
Sorry, you can not add yourself to your own list. |
|
|
|
04-10-2004, 04:29 PM
|
#2 (permalink) |
|
Psycho
Location: Boston, MAss., USA
|
There's an old backdoor virus called backage, that used port 411. Most likely, the infected computer was spoofing it's source IP. You might try looking up backage on one of the security webistes, like symantec, or Mcaffee.
__________________
I'm gonna be rich and famous, as soon I invent a device that lets you stab people in the face over the internet. |
|
|
| Tags |
| flooding, syn, tcp |
|
|
