TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------

I experienced a similar situation.  In our case, the cause of the problem
was our Proxy Server.  Because the Sensor was seeing the SYN requests from
users out to the internet via the proxy, but not seeing the SYN ACKS as they
were coming BACK to the proxy and being NAT'd back, RealSecure assumed it
was a Synflood.

Michael Boehnlein
Network Security Engineer
Imperial Bank

-----Original Message-----
From: Ramiro Antonio Marulanda Zapata [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 22, 2001 3:18 PM
To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
Subject: SYNFlood




Hi, I want to know if somebody can help me.
Currently I am receiving too many SYNFlood events in which the source
IP address is 0.0.0.0 and the destination IP address is a public address,
that is to say, addresses of pages on the Internet. Now, the IP spoofing
addresses are always the same two, which belong to the internal network
segment of the company. I would appreciate any help you can lend me.
I have RS v. 6.0 Console and the RS Sensor Network v. 6.0.

Regards!

_____________________________________
Ramiro Marulanda Zapata.
Security Analyst
Cyberia S.A., Medellín-Colombia
Tel. 3129320-3129321
E-mail: [EMAIL PROTECTED]
_____________________________________
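
The false positive described in the reply above, as an added example that is not part of either message and is not RealSecure's own logic: a simplified half-open-connection counter (an assumed heuristic with an assumed threshold) run over the same constructed traffic twice, once with both directions visible and once with only the outbound side visible. The proxy address 10.0.0.5 and the 198.51.100.x destinations are constructed sample values.

```python
from collections import defaultdict

def build_traffic(n=30):
    """Constructed sample: n complete handshakes from a proxy to four web servers."""
    pkts = []
    for i in range(n):
        web = f"198.51.100.{i % 4 + 1}"   # documentation address range
        sport = 40000 + i
        pkts.append(("out", "10.0.0.5", web, sport, 80, "S"))    # SYN
        pkts.append(("in", web, "10.0.0.5", 80, sport, "SA"))    # SYN-ACK
        pkts.append(("out", "10.0.0.5", web, sport, 80, "A"))    # ACK
    return pkts

def sensor_view(packets, sees_inbound):
    """Packets the sensor observes; sees_inbound=False drops the return path."""
    return [p for p in packets if sees_inbound or p[0] == "out"]

def half_open_by_dest(packets):
    """Per destination, count SYNs for which no matching SYN-ACK was observed."""
    pending = set()  # (client, client_port, server, server_port)
    for _direction, src, dst, sport, dport, flags in packets:
        if flags == "S":
            pending.add((src, sport, dst, dport))
        elif flags == "SA":
            # The SYN-ACK travels server -> client, so swap the endpoints.
            pending.discard((dst, dport, src, sport))
    counts = defaultdict(int)
    for _client, _cport, server, _sport in pending:
        counts[server] += 1
    return dict(counts)

def synflood_alerts(packets, threshold=5):
    """Destinations whose unanswered-SYN count exceeds the assumed threshold."""
    return sorted(d for d, n in half_open_by_dest(packets).items() if n > threshold)

if __name__ == "__main__":
    traffic = build_traffic()
    print("both directions visible:", synflood_alerts(sensor_view(traffic, True)))
    print("outbound only visible:  ", synflood_alerts(sensor_view(traffic, False)))
```

The traffic is identical in both runs; only the sensor's visibility of the return path changes, which is enough to turn ordinary browsing through the proxy into apparent flood events.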