SYN Flood Attack


kydsid

For the last three hours my router, an old D-Link 625, has been recording a SYN flood attack. I only noticed about 30 minutes ago after checking the log.

I had a 360 wirelessly connected that I have now turned off. The remaining Windows laptop does not show any half-open connections when I use the netstat command.

Is there anything I can do to get this to stop? Do I need to do anything?

It doesn't appear to be causing a denial of service level SYN attack. But at present I do not know what kind of bandwidth it is taking.
 
Why don't you power off your modem and router? Wait about 5 to 10 minutes, power them back on, and see if the problem is still there.
 
Unfortunately I do not have IP info as the router is not giving that info. I was about to power off the modem but have now noticed that since the 360 was turned off the attack has stopped. The timing isn't exact but pretty close.
 
Unfortunately I do not have IP info as the router is not giving that info.

It you is giving you that info to the router... Is it your router?

It is almost incredible you got a SYN flood in late 2008. SYN flood attacks are a thing of the past; they have not worked for years, not even for a DoS. Modern systems do not allocate resources (TCP connections) before an ACK. So do not worry, disconnect from the internet for a couple of hours, if that makes you feel more comfortable, and relax, it will pass soon.

TJ
 
It you is giving you that info to the router... Is it your router?

It is almost incredible you got a SYN flood in late 2008. SYN flood attacks are a thing of the past; they have not worked for years, not even for a DoS. Modern systems do not allocate resources (TCP connections) before an ACK. So do not worry, disconnect from the internet for a couple of hours, if that makes you feel more comfortable, and relax, it will pass soon.

TJ
hmmm...... negative? All operating systems allocate resources for TCP half-open connections, which is the foundation of SYN floods. SYN flooding is still very much alive and a threat, but only when you're doing a DDoS attack.

kydsid,

Interesting, think about how Xbox Live works. Not sure how the TCP connections appear in the router when you connect to a game with a lot of people, but maybe a ton of half-open connections are being seen by your router. This would trigger your router to think you're being DoS'd.
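
An added example, not part of any post in this thread: a small parser for `netstat -an` output that counts half-open TCP connections by direction, which is the check the original poster ran by eye on the laptop. The sample text is constructed, and `threshold` is a hypothetical alert level, not the D-Link's actual detection setting.

```python
import re
from collections import Counter

# TCP states in which the three-way handshake has not completed.
INBOUND = {"SYN_RECV", "SYN_RECEIVED"}  # Linux / Windows spelling: SYN seen, final ACK pending
OUTBOUND = {"SYN_SENT"}                 # our SYN sent, SYN-ACK pending

# Windows: TCP  192.168.0.100:49201  203.0.113.7:80  SYN_SENT
# Linux:   tcp  0  0  192.168.0.100:8080  198.51.100.9:4411  SYN_RECV
LINE_RE = re.compile(
    r"^\s*tcp\S*\s+(?:\d+\s+\d+\s+)?(\S+)\s+(\S+)\s+([A-Z_0-9]+)\s*$", re.IGNORECASE)

def remote_host(endpoint):
    """Strip the port from 'addr:port' or '[v6addr]:port'."""
    return endpoint.rpartition(":")[0].strip("[]")

def half_open_summary(netstat_text, threshold=20):
    """Tally half-open TCP connections by direction and remote address.
    threshold is a hypothetical alert level (assumption)."""
    inbound, outbound = Counter(), Counter()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        remote, state = m.group(2), m.group(3).upper()
        if state in INBOUND:
            inbound[remote_host(remote)] += 1
        elif state in OUTBOUND:
            outbound[remote_host(remote)] += 1
    total_in, total_out = sum(inbound.values()), sum(outbound.values())
    return {"inbound_half_open": total_in, "outbound_half_open": total_out,
            "top_inbound_sources": inbound.most_common(3),
            "top_outbound_targets": outbound.most_common(3),
            "inbound_over_threshold": total_in > threshold,
            "outbound_over_threshold": total_out > threshold}

# Constructed sample mixing Windows and Linux row layouts (documentation addresses).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.100:49201    203.0.113.7:80         SYN_SENT
  TCP    192.168.0.100:49202    203.0.113.7:80         SYN_SENT
  TCP    192.168.0.100:49203    203.0.113.7:80         SYN_SENT
  TCP    192.168.0.100:49204    203.0.113.8:3074       SYN_SENT
  TCP    192.168.0.100:49150    203.0.113.9:443        ESTABLISHED
  TCP    192.168.0.100:8080     198.51.100.9:4410      SYN_RECEIVED
tcp        0      0 192.168.0.100:8080      198.51.100.9:4411       SYN_RECV
"""

if __name__ == "__main__":
    print(half_open_summary(SAMPLE, threshold=3))
```

netstat reports only the sockets of the machine it runs on, so a clean result on the laptop says nothing about connections opened by another device behind the same router.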
 
Thanks for the responses. I kept the modem and router off all night. As for the attack after the 360 went offline it stopped. At least for the couple hours I monitored until powering everything off.

xphil3 - Interesting hypothesis that I could almost agree with if I had been using the 360 to play a game. Unfortunately it was simply on and downloading a couple game demos. Maybe that's why they took so long. :)

aaronearles - Thanks but I did do that and read a couple papers even. But it never hurts to turn to the [h]ard gods.
 
Thank you, pal, that is exactly what I had in mind! (But in the future I will not use that kind of sarcastic language anymore; yesterday I passed the line and I am glad the moderators erased my post. Sorry xphil3 and sorry everybody else.)

TJ

Why are you apologizing to me? I'm not the one who doesn't understand the logic and concepts of a SYN flood. :rolleyes: I assume you had some smart ass remark that the mod deleted.

xphil3 - Interesting hypothesis that I could almost agree with if I had been using the 360 to play a game. Unfortunately it was simply on and downloading a couple game demos. Maybe that's why they took so long. :)
But you were still using Xbox Live. This is my point, perhaps Xbox Live somehow opened a ton of half-opens on your router, causing it to draw a flag and think it's a SYN flood. I wouldn't be surprised :p
 
I assume you had some smart ass remark that the mod deleted.

What an intuition... if I only had not written it clearly.

yesterday I passed the line and I am glad the moderators erased my post.

When will you learn that reading before writing is a good thing? And please lower the tone of your language, you already have three posts reported (with this are four) where you call me anything between smart ass and complete idiot. Being named after a game box, I am not sure you can afford that.

TJ
 
What an intuition... if I only had not written it clearly.



When will you learn that reading before writing is a good thing? And please lower the tone of your language, you already have three posts reported (with this are four) where you call me anything between smart ass and complete idiot. Being named after a game box, I am not sure you can afford that.

TJ
Check your PMs, I'm trying to remove these arguments off the boards. Just for some clarification, I never called you a smart ass. Trust me, I probably have HUNDREDS of posts reported against me. I call people on BS, and you're a huge BSer. How about this, read your private messages and tell me what you said before, I would be delighted to continue this in a PM or IM for that matter. :rolleyes:
 
I call people on BS, and you're a huge BSer.

You call people on bullshits and I am a huge bullshitter... but you did not call me a smart ass (like everybody can read in this very thread). This is too sad. I will not answer you anymore (I do not have hundreds of posts reported and I do not want to) and I already trashed your PMs.

You are on my ignore list. Adieu!

TJ
 