Security Basics mailing list archives

RE: TCP Syn Flooding
From: "Craig Searle" <craig.searle () sift com au>
Date: Tue, 18 Feb 2003 09:09:05 +1100

Probably both. TCP SYN floods are usually popular with kiddies due to their
relative 'ease of use'. The majority of these attacks are poorly
co-ordinated and usually blocked at/by the firewall with relative ease.

Having said that, SYN floods are also very effective when used
properly... i.e. by someone (or some people) who actually know what they're
doing.

In my opinion a small network, with an NT4 server would be viewed as an easy
target by a kiddie.

Do you think otherwise, Tim?

Craig Searle
SIFT Pty Ltd
www.sift.com.au

P (02) 9236 7276
F (02) 9236 7271
M 0402 914 077
E craig.searle () sift com au

Level 67, MLC Centre,
Martin Place, Sydney NSW 2000

[ABN 42 094 359 743]

This correspondence is for the named person's use only. It may contain
confidential or legally privileged information or both. No confidentiality
or privilege is waived or lost by any mistransmission. If you receive this
correspondence in error, please immediately delete it from your system and
notify the sender. You must not disclose, copy or rely on any part of this
correspondence if you are not the intended recipient. Any opinions expressed
in this message are those of the individual sender, except where the sender
expressly, and with authority, states them to be the opinions of SIFT Pty
Ltd.



-----Original Message-----
From: Tim Laureska [mailto:hometeam () goeaston net] 
Sent: Tuesday, 18 February 2003 08:58 AM
To: 'Craig Searle'; 'security-basics'
Subject: RE: TCP Syn Flooding


Craig... is there anything particular in the message that makes you think
it's just a 'script kiddie' trying a DoS attack ... or is that just your
thoughts based on experience?

-----Original Message-----
From: Craig Searle [mailto:craig.searle () sift com au] 
Sent: Monday, February 17, 2003 4:17 PM
To: 'Tim Laureska'; 'security-basics'
Subject: RE: TCP Syn Flooding

It's just a 'script kiddie' trying a DoS attack - I wouldn't really worry if I
were you. Your firewall has picked it up and stopped any problems.

If you are still concerned you want to consider setting your firewall to
block that IP altogether.

Craig Searle
SIFT Pty Ltd
www.sift.com.au




-----Original Message-----
From: Tim Laureska [mailto:hometeam () goeaston net] 
Sent: Sunday, 16 February 2003 01:21 AM
To: security-basics
Subject: TCP Syn Flooding


OK. I just installed a Netgear firewall box between a cable modem and an NT
4.0 server on a small network... and set it up to email me attempts at
security breaches. I am brand new to these devices and a relative neophyte
to internet/internal network security. So the question is this.

I received this message a few times yesterday after I installed the box:


Fri, 02/14/2003 20:35:01 - TCP connection dropped - Source:205.138.3.201,
80, WAN - Destination:69.2.167.25, 20306, LAN - 'TCP:Syn Flooding' End of
Log ----------

What should I make of this?
 
T.
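
A triage sketch for the alert quoted in this thread, added here as an example and not part of any poster's message or of the firewall's own software. It parses entries in the format shown, counts drops per source, and separates entries whose ports have the shape of a server's reply (well-known source port, high destination port, as in the quoted line's 80 to 20306) from inbound connection attempts. The regex, the threshold of 3 and the reply heuristic are assumptions of this example; every sample entry except the first is constructed.

```python
import re
from collections import defaultdict

# Entry layout as shown in the thread; the pattern itself is this example's assumption.
ENTRY = re.compile(
    r"(?P<ts>\w{3}, \d\d/\d\d/\d{4} \d\d:\d\d:\d\d) - (?P<action>[^-]+?) - "
    r"Source:(?P<src>[\d.]+), (?P<sport>\d+), (?P<sif>\w+) - "
    r"Destination:(?P<dst>[\d.]+), (?P<dport>\d+), (?P<dif>\w+) - '(?P<rule>[^']*)'"
)

# First entry: the one quoted in the thread, wrapped as it was mailed. The rest
# are constructed for this example and use documentation-range addresses.
SAMPLE = """\
Fri, 02/14/2003 20:35:01 - TCP connection dropped - Source:205.138.3.201,
80, WAN - Destination:69.2.167.25, 20306, LAN - 'TCP:Syn Flooding' End of
Log ----------
Fri, 02/14/2003 21:02:10 - TCP connection dropped - Source:198.51.100.7, 41001, WAN - Destination:203.0.113.10, 80, LAN - 'TCP:Syn Flooding'
Fri, 02/14/2003 21:02:10 - TCP connection dropped - Source:198.51.100.7, 41002, WAN - Destination:203.0.113.10, 80, LAN - 'TCP:Syn Flooding'
Fri, 02/14/2003 21:02:11 - TCP connection dropped - Source:198.51.100.7, 41003, WAN - Destination:203.0.113.10, 80, LAN - 'TCP:Syn Flooding'
"""

def parse_log(text):
    """Return one dict per entry, tolerating mail-client line wrapping."""
    flat = " ".join(text.split())  # undo wrapping before matching
    entries = []
    for m in ENTRY.finditer(flat):
        e = m.groupdict()
        e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
        entries.append(e)
    return entries

def looks_like_reply(e):
    """Heuristic: low source port to high destination port is how a server's
    answer to a LAN client looks, rather than a new inbound connection."""
    return e["sport"] < 1024 and e["dport"] >= 1024

def triage(entries, threshold=3):
    """Per source: drops, reply-shaped drops, and whether a block is worth considering."""
    stats = defaultdict(lambda: {"drops": 0, "reply_like": 0})
    for e in entries:
        stats[e["src"]]["drops"] += 1
        stats[e["src"]]["reply_like"] += int(looks_like_reply(e))
    for s in stats.values():
        s["consider_block"] = s["drops"] - s["reply_like"] >= threshold
    return dict(stats)

if __name__ == "__main__":
    for src, s in triage(parse_log(SAMPLE)).items():
        print(src, s)
```
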











