That your firewall is doing it's job, and that you were right to install one. You firewall is telling you that someone attempted a syn flood. Basically they're violating the tcp three way handshake by sending repeated syn packets in the hopes that it will create a denial of service condition on your server, and possibly cause a stack crash which would allow priveledge escalation. The message is saying that it was detected and the connection dropped to prevent further meddling on their part.From: "Tim Laureska" <[EMAIL PROTECTED]> OK. I just installed a Netgear firewall box between a cable modem and a NT 4.0 server on a small network.. and set it up to email me attempts at security breaches. I am brand new to these devices and a relative neophyte to internet/internal network security. So the question is this.I received this message a few times yesterday after I installed the box: Fri, 02/14/2003 20:35:01 - TCP connection dropped - Source:205.138.3.201, 80, WAN - Destination:69.2.167.25, 20306, LAN - 'TCP:Syn Flooding' End of Log ---------- What should I make of this?
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"Quick, easy, or cheap; pick any two."
_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
