IDS dos parser : tcp syn flood: and oddities in aftermath

Luzern
Seasoned Pro
Posts: 2,917
Thanks: 241
Fixes: 2
Registered: 31-07-2007

Dec 7 15:12:51	IDS dos parser : tcp syn flood (1 of 1) : 78.187.224.67 87.113.187.108 0060 TCP 2309->23 [S.....] seq 2083828245 win 5808

Can anyone tell me what a tcp syn flood means? I'll take a wild guess that it has nothing to do with Noah's Ark.
My computer blacked out at about the time of the above and seemed to be restored immediately, though I did not log in again for a few hours.
Everything seems normal with no loss of sync, as speed is identical and BT Test gave sensible results.
Now, here's the oddity. The Routerstats log shows a continuous connection from this morning until ~1620, then a gap to ~1835 when I logged on to Windows. From then on Routerstats is showing running at 0 sync and 0 snr, despite the internet connection being very good.
I cannot think, but could there be a connection between the events?
No one has to agree with my opinion, but in the time I have left a miracle would be nice.
3 REPLIES
Community Veteran
Posts: 4,969
Thanks: 362
Fixes: 16
Registered: 10-06-2010

TCP SYN = first incoming packet trying to establish a connection
flood = too many of them in too little time
port 23 = telnet
So it's just the usual from TurkTelekom. There's the same sort of thing in my router's log, from November 18th and 20th.
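
Added example (not part of any post in this thread): a small Python parser for router log lines of the kind quoted in the first post, which counts bare-SYN flood alerts per source address and destination port so that repeat probes of the telnet port stand out. The field layout is inferred from that single quoted line and is an assumption, not a vendor specification; all sample lines other than the quoted one are constructed.

```python
import re
from collections import Counter

# Layout inferred from the one line quoted in the thread (assumption, not a
# vendor spec). The 4-digit field after the addresses is kept raw, unparsed.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+IDS\s+(?P<parser>\w+)\s+parser\s*:\s*"
    r"(?P<event>[^(]+?)\s*\((?P<n>\d+) of (?P<total>\d+)\)\s*:\s*"
    r"(?P<src>[\d.]+)\s+(?P<dst>[\d.]+)\s+(?P<raw>\S+)\s+(?P<proto>\w+)\s+"
    r"(?P<sport>\d+)->(?P<dport>\d+)\s+\[(?P<flags>[^\]]*)\]"
)
SERVICES = {23: "telnet"}  # only the port named in the thread

def parse_line(line):
    """Return a dict of fields, or None if the line is not an IDS alert."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    # Assumed flag notation: set flags are letters, unset ones are dots.
    rec["syn_only"] = rec["flags"].replace(".", "") == "S"
    rec["service"] = SERVICES.get(rec["dport"], "unknown")
    return rec

def summarise(lines):
    """Count bare-SYN flood alerts per (source, destination port)."""
    counts, skipped = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # unrelated router log entry
        elif rec["event"] == "tcp syn flood" and rec["syn_only"]:
            counts[(rec["src"], rec["dport"])] += 1
    return counts, skipped

SAMPLE = [
    # The line quoted in the thread:
    "Dec 7 15:12:51\tIDS dos parser : tcp syn flood (1 of 1) : 78.187.224.67 "
    "87.113.187.108 0060 TCP 2309->23 [S.....] seq 2083828245 win 5808",
    # Constructed lines (documentation address ranges), same layout:
    "Dec 7 15:14:03\tIDS dos parser : tcp syn flood (1 of 1) : 203.0.113.9 "
    "198.51.100.20 0060 TCP 40112->23 [S.....] seq 1111111111 win 5808",
    "Dec 7 15:14:04\tIDS dos parser : tcp syn flood (1 of 1) : 203.0.113.9 "
    "198.51.100.20 0060 TCP 40113->23 [S.....] seq 1111111112 win 5808",
    "Dec 7 15:20:00\tPPP link up",  # constructed non-IDS entry
]

if __name__ == "__main__":
    counts, skipped = summarise(SAMPLE)
    for (src, port), n in counts.most_common():
        print(f"{src} -> port {port} ({SERVICES.get(port, 'unknown')}): {n}")
    print(f"skipped {skipped} non-IDS line(s)")
```
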
Luzern

Quote
So it's just the usual from TurkTelekom
Who the devil are they?
From reply I assume no connection with events after?
No one has to agree with my opinion, but in the time I have left a miracle would be nice.
Community Veteran

Every time I've done some whois lookups on the IP addresses in the router log that were trying to connect to the telnet port, there are several from Turk Telecom address ranges.
It's plausible some malware might crash your computer, and also instruct some computers on the internet, probably part of a botnet, to flood your broadband connection, to make you more likely to believe some popup or telephone call scam telling you that your computer needs fixing, but wouldn't have thought it was worth the effort.