No... I would agree... just a small network hanging out there for someone to try their luck ... By the way, one of the reasons I put the firewall in place was that an IRC program started showing up on the server ... it would start with NT loading.... I looked all over the server (startup, programs, registry, etc.) but couldn't find a reference to it... ever seen or heard of this?

-----Original Message-----
From: Craig Searle [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 17, 2003 5:09 PM
To: 'Tim Laureska'; 'security-basics'
Subject: RE: TCP Syn Flooding

Probably both. TCP SYN floods are usually popular with kiddies due to their relative 'ease of use'. The majority of these attacks are poorly co-ordinated and usually blocked at/by the firewall with relative ease. Having said that, SYN floods are also very effective when used properly.....i.e. by someone (or some people) who actually know what they're doing.

In my opinion a small network, with an NT4 server would be viewed as an easy target by a kiddie. Do you think otherwise, Tim?

Craig Searle
SIFT Pty Ltd
www.sift.com.au
P (02) 9236 7276
F (02) 9236 7271
M 0402 914 077
E [EMAIL PROTECTED]
Level 67, MLC Centre, Martin Place, Sydney NSW 2000
[ABN 42 094 359 743]

This correspondence is for the named person's use only. It may contain confidential or legally privileged information or both. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this correspondence in error, please immediately delete it from your system and notify the sender. You must not disclose, copy or rely on any part of this correspondence if you are not the intended recipient. Any opinions expressed in this message are those of the individual sender, except where the sender expressly, and with authority, states them to be the opinions of SIFT Pty Ltd.

-----Original Message-----
From: Tim Laureska [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 18 February 2003 08:58 AM
To: 'Craig Searle'; 'security-basics'
Subject: RE: TCP Syn Flooding

Craig... is there anything particular in the message that makes you think it's just a 'script kiddie' trying a DoS attack ... or is that just your thoughts based on experience

-----Original Message-----
From: Craig Searle [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 17, 2003 4:17 PM
To: 'Tim Laureska'; 'security-basics'
Subject: RE: TCP Syn Flooding

It's just a 'script kiddie' trying a DoS attack - I wouldn't really worry if I were you. Your firewall has picked it up and stopped any problems. If you are still concerned you want to consider setting your firewall to block that IP altogether.

Craig Searle

-----Original Message-----
From: Tim Laureska [mailto:[EMAIL PROTECTED]]
Sent: Sunday, 16 February 2003 01:21 AM
To: security-basics
Subject: TCP Syn Flooding

OK. I just installed a Netgear firewall box between a cable modem and an NT 4.0 server on a small network.. and set it up to email me attempts at security breaches. I am brand new to these devices and a relative neophyte to internet/internal network security. So the question is this. I received this message a few times yesterday after I installed the box:

Fri, 02/14/2003 20:35:01 - TCP connection dropped - Source:205.138.3.201, 80, WAN - Destination:69.2.167.25, 20306, LAN - 'TCP:Syn Flooding'
End of Log ----------

What should I make of this?

T.
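
Added example, not part of any message in the thread: a small Python triage script for alert e-mails in the format of the log entry quoted above, counting 'TCP:Syn Flooding' drops per source and port pattern. The field layout is inferred from that single entry, the second sample line is constructed, and the port-pattern labels are a heuristic assumption, not something the firewall reports.

```python
import re
from collections import Counter

# Field layout inferred from the one log entry quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}, \d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) - (?P<event>.+?) - "
    r"Source:(?P<src>[\d.]+), (?P<sport>\d+), (?P<szone>\w+) - "
    r"Destination:(?P<dst>[\d.]+), (?P<dport>\d+), (?P<dzone>\w+) - "
    r"'(?P<reason>[^']+)'\s*$"
)

def parse_line(line):
    """Return the entry's fields as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def shape(rec):
    """Heuristic (assumption): label an entry by its port pattern only."""
    if rec["sport"] < 1024 and rec["dport"] >= 1024:
        # Service port to high port: the shape of a server's reply traffic.
        return "reply-shaped"
    if rec["dport"] < 1024:
        # High port to service port: the shape of inbound connection attempts.
        return "inbound-to-service"
    return "other"

def summarize(lines):
    """Count 'TCP:Syn Flooding' drops per (source IP, port-pattern label)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["reason"] == "TCP:Syn Flooding":
            counts[(rec["src"], shape(rec))] += 1
    return counts

SAMPLE = [
    # Entry quoted in the thread.
    "Fri, 02/14/2003 20:35:01 - TCP connection dropped - Source:205.138.3.201, 80, WAN - Destination:69.2.167.25, 20306, LAN - 'TCP:Syn Flooding'",
    # Constructed entry (documentation addresses) for contrast.
    "Fri, 02/14/2003 20:36:12 - TCP connection dropped - Source:192.0.2.44, 40112, WAN - Destination:198.51.100.10, 80, LAN - 'TCP:Syn Flooding'",
    "End of Log ----------",
]

if __name__ == "__main__":
    for (src, kind), n in summarize(SAMPLE).items():
        print(f"{src:15} {kind:20} {n}")
```

The entry from the thread has source port 80 and a high destination port, so the script counts it as reply-shaped; the label describes the port pattern only and does not establish what the sender intended.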