Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
IDS dos parser : tcp syn flood: and oddities in aftermath
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- IDS dos parser : tcp syn flood: and oddities in af...
IDS dos parser : tcp syn flood: and oddities in aftermath
07-12-2012 8:27 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Dec 7 15:12:51 IDS dos parser : tcp syn flood (1 of 1) : 78.187.224.67 87.113.187.108 0060 TCP 2309->23 [S.....] seq 2083828245 win 5808
Can anyone tell me what a tcp syn flood means? I'll take a wild guess that it has nothing to do with Noah's Ark
My computer blacked out at about the time of the above and seemed to be restored immediately, though I did not log in again for a few hours.
Everything seems normal with no loss of sync, as speed identical and BT Test gave sensible results.
Now, here's the oddity. The Routerstats log shows a continuous connection from this morning until ~1620. then a gap to ~1835 when I logged on to Windows, From then on Routerstats is showing running at 0 sync and 0 snr, despite the internet connection being very goof.
I cannot think, but could there be a connection between the events?
No one has to agree with my opinion, but in the time I have left a miracle would be nice.
Message 1 of 4
(2,089 Views)
3 REPLIES 3
Re: IDS dos parser : tcp syn flood: and oddities in aftermath
07-12-2012 8:43 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
TCP SYN = first incoming packet trying to establish a connection
flood = too many of them in too little time
port 23 = telnet
So it's just the usual from TurkTelekom. There's the same sort of thing in my router's log, from November 18th and 20th.
flood = too many of them in too little time
port 23 = telnet
So it's just the usual from TurkTelekom. There's the same sort of thing in my router's log, from November 18th and 20th.
Message 2 of 4
(759 Views)
Re: IDS dos parser : tcp syn flood: and oddities in aftermath
07-12-2012 9:04 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Who the devil are they?
Quote So it's just the usual from TurkTelekom
From reply I assume no connection with events after?
No one has to agree with my opinion, but in the time I have left a miracle would be nice.
Message 3 of 4
(759 Views)
Re: IDS dos parser : tcp syn flood: and oddities in aftermath
07-12-2012 10:15 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Every time I've done some whois lookups on the IP addresses in the router log that were trying to connect to the telnet port, there are several from Turk Telecom address ranges.
It's plausible some malware might crash your computer, and also instruct some computers on the internet, probably part of a botnet, to flood your broadband connection, to make you more likely to believe some popup or telephone call scam telling you that your computer needs fixing, but wouldn't have thought it was worth the effort.
It's plausible some malware might crash your computer, and also instruct some computers on the internet, probably part of a botnet, to flood your broadband connection, to make you more likely to believe some popup or telephone call scam telling you that your computer needs fixing, but wouldn't have thought it was worth the effort.
Message 4 of 4
(759 Views)
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- IDS dos parser : tcp syn flood: and oddities in af...