cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

IDS dos parser : tcp syn flood: and oddities in aftermath

Luzern
Hero
Posts: 4,823
Thanks: 872
Fixes: 9
Registered: ‎31-07-2007

IDS dos parser : tcp syn flood: and oddities in aftermath

‎07-12-2012 8:27 PM 

Dec 7 15:12:51	IDS dos parser : tcp syn flood (1 of 1) : 78.187.224.67 87.113.187.108 0060 TCP 2309->23 [S.....] seq 2083828245 win 5808

Can anyone tell me what a tcp syn flood means? I'll take a wild guess that it has nothing to do with Noah's Ark Cheesy
My computer blacked out at about the time of the above and seemed to be  restored immediately, though I did not log in again for a few hours.
Everything seems normal with no loss of sync, as speed identical and BT Test gave sensible results.
Now, here's the oddity. The Routerstats log shows a continuous connection from this morning until ~1620. then a gap to ~1835 when I logged on to Windows, From then on Routerstats is showing running at 0 sync and 0 snr, despite the internet connection being very goof.
I cannot think, but could there be a connection between the events?
No one has to agree with my opinion, but in the time I have left a miracle would be nice.
Message 1 of 4
(2,089 Views)
0 Thanks
3 REPLIES 3
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: IDS dos parser : tcp syn flood: and oddities in aftermath

‎07-12-2012 8:43 PM

TCP SYN = first incoming packet trying to establish a connection
flood = too many of them in too little time
port 23 = telnet
So it's just the usual from TurkTelekom. There's the same sort of thing in my router's log, from November 18th and 20th.
Message 2 of 4
(759 Views)
0 Thanks
Luzern
Hero
Posts: 4,823
Thanks: 872
Fixes: 9
Registered: ‎31-07-2007

Re: IDS dos parser : tcp syn flood: and oddities in aftermath

‎07-12-2012 9:04 PM

Quote
So it's just the usual from TurkTelekom
Who the devil are they?
From reply I assume no connection with events after?
No one has to agree with my opinion, but in the time I have left a miracle would be nice.
Message 3 of 4
(759 Views)
0 Thanks
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: IDS dos parser : tcp syn flood: and oddities in aftermath

‎07-12-2012 10:15 PM

Every time I've done some whois lookups on the IP addresses in the router log that were trying to connect to the telnet port, there are several from Turk Telecom address ranges.
It's plausible some malware might crash your computer, and also instruct some computers on the internet, probably part of a botnet, to flood your broadband connection, to make you more likely to believe some popup or telephone call scam telling you that your computer needs fixing, but wouldn't have thought it was worth the effort.
Message 4 of 4
(759 Views)
0 Thanks