This is a discussion on Syn floods and smurf attacks within the Linux Security forums, part of the System Security and Security Related category.

Can anyone tell me what to make of this log from my router?
There is an occasional 'smurf' attack, but there are SO many Syn Floods directed to a machine running OS X 10.2....
What is going on? Why is this happening, is it a problem (we have had temporary service interruptions, but I do not know if it is related to this) and how can I stop it?

-------- log begins ---------------------
06/29/2003 18:12:25 **Smurf** 0.0.0.0, 0->> 224.0.0.2, 0 (from Wireless Inbound)
06/29/2003 15:18:29 NTP Date/Time updated
06/29/2003 09:19:23 NTP Date/Time updated
06/29/2003 03:20:16 NTP Date/Time updated
06/29/2003 00:05:24 **SYN Flood to Host** 192.168.2.104, 51153->> 66.218.79.152, 80 (from PPPoE Outbound)
06/28/2003 21:21:10 NTP Date/Time updated
06/28/2003 17:51:35 **Smurf** 0.0.0.0, 0->> 224.0.0.2, 0 (from Wireless Inbound)
06/28/2003 15:22:04 NTP Date/Time updated
06/28/2003 10:14:00 **SYN Flood Stop** (from PPPoE Outbound)
06/28/2003 10:13:52 **SYN Flood** 192.168.2.102, 58090->> 12.232.219.150, 143 (from PPPoE Outbound)
06/28/2003 09:44:37 **SYN Flood** 192.168.2.102, 52875->> 219.25.228.125, 6346 (from PPPoE Outbound)
.... [this continues for at least 100 times, all with different masked incoming IP's] ....
06/28/2003 09:43:32 **SYN Flood** 192.168.2.102, 52603->> 65.118.139.246, 6346 (from PPPoE Outbound)
06/28/2003 09:43:32 **SYN Flood** 192.168.2.102, 52639->> 65.64.74.95, 6346 (from PPPoE Outbound)
06/28/2003 09:43:32 **SYN Flood** 192.168.2.102, 52640->> 202.156.182.171, 6346 (from PPPoE Outbound)
06/28/2003 09:43:32 **SYN Flood** 192.168.2.102, 52652->> 62.195.9.232, 6346 (from PPPoE Outbound)
06/28/2003 09:43:32 **SYN Flood** 192.168.2.102, 52653->> 218.72.44.67, 2500 (from PPPoE Outbound)
06/28/2003 09:43:32 **SYN Flood** 192.168.2.102, 52637->> 68.107.244.86, 6346 (from PPPoE Outbound)

--
/////////////////////////////// m roberts /////////////////////////////////////////

> What is going on? Why is this happening, is it a problem (we have had
> temporary service interruptions, but I do not know if it is related to this)
> and how can I stop it?

One more question: do you think this is an individual, or something automated? And how do they know what machine to target? There are 2 Mac OS X boxes on the LAN, and they are the only ones ever to get hit with Syn Floods.

"m roberts" <nopspam_matt@mattmattmattm.com_@nospam.com> wrote in message news:bdpqdl$dqo8$1@netnews.upenn.edu...
> Can anyone tell me what to make of this log from my router?
> There is an occasional 'smurf' attack, but there are SO many Syn Floods
> directed to a machine running OS X 10.2....
> What is going on? Why is this happening, is it a problem (we have had
> and how can I stop it?
<SNIP>

Are you sure these are inbound packets? Although I don't recognize the specific log format, the formatting of the log entry and the incrementing local port would seem to suggest that your local hosts are trying to connect to a Gnutella port on multiple hosts. If you have any P2P filesharing programs running, disable them.
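
The reading given in the reply above can be checked against the log itself. The following is an added example, not part of the original thread: it parses entries copied from the first post, classifies each SYN alert by address scope, and tallies peers and destination ports per source host. The regular expression is inferred from the sample lines only (an assumption, not the router's documented format); 6346 is the default Gnutella port.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Entries copied from the router log in the first post (a subset).
SAMPLE_LOG = """\
06/29/2003 18:12:25 **Smurf** 0.0.0.0, 0->> 224.0.0.2, 0 (from Wireless Inbound)
06/29/2003 00:05:24 **SYN Flood to Host** 192.168.2.104, 51153->> 66.218.79.152, 80 (from PPPoE Outbound)
06/28/2003 10:14:00 **SYN Flood Stop** (from PPPoE Outbound)
06/28/2003 10:13:52 **SYN Flood** 192.168.2.102, 58090->> 12.232.219.150, 143 (from PPPoE Outbound)
06/28/2003 09:44:37 **SYN Flood** 192.168.2.102, 52875->> 219.25.228.125, 6346 (from PPPoE Outbound)
06/28/2003 09:43:32 **SYN Flood** 192.168.2.102, 52603->> 65.118.139.246, 6346 (from PPPoE Outbound)
06/28/2003 09:43:32 **SYN Flood** 192.168.2.102, 52639->> 65.64.74.95, 6346 (from PPPoE Outbound)
06/28/2003 09:43:32 **SYN Flood** 192.168.2.102, 52640->> 202.156.182.171, 6346 (from PPPoE Outbound)
06/28/2003 09:43:32 **SYN Flood** 192.168.2.102, 52653->> 218.72.44.67, 2500 (from PPPoE Outbound)
"""

# Field layout inferred from the sample lines, not from router documentation.
ALERT = re.compile(
    r"^\S+ \S+ \*\*(?P<kind>[^*]+)\*\* (?P<src>[\d.]+), (?P<sport>\d+)->> "
    r"(?P<dst>[\d.]+), (?P<dport>\d+) \(from (?P<iface>[^)]+)\)$")

def parse(log):
    """Return alert entries that carry addresses; status lines are skipped."""
    return [m.groupdict() for m in map(ALERT.match, log.splitlines()) if m]

def direction(entry):
    """Classify by address scope rather than by the router's alert wording."""
    src_lan, dst_lan = (ip_address(entry[k]).is_private for k in ("src", "dst"))
    if src_lan != dst_lan:
        return "lan->internet" if src_lan else "internet->lan"
    return "other"

def summarize(log):
    """Per source host: SYN alert count, distinct peers, ports, directions."""
    hosts = {}
    for e in parse(log):
        if not e["kind"].startswith("SYN Flood"):
            continue
        h = hosts.setdefault(e["src"], {"alerts": 0, "peers": set(), "ports": Counter(), "dirs": set()})
        h["alerts"] += 1
        h["peers"].add(e["dst"])
        h["ports"][int(e["dport"])] += 1
        h["dirs"].add(direction(e))
    return hosts

if __name__ == "__main__":
    for host, h in summarize(SAMPLE_LOG).items():
        print(host, sorted(h["dirs"]), len(h["peers"]), "peers", h["ports"].most_common(3))
```

On these entries every SYN alert has a private source and a public destination, and 192.168.2.102 contacts a different peer each time, mostly on port 6346.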