The IRC programs pops up in a window when you start the NT box... you can close it down easily enough.... but I'll be darned if I can find where the program is
-----Original Message----- From: Chris Santerre [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 18, 2003 2:08 PM To: 'Steve Suehring'; Tim Laureska Cc: security-basics Subject: RE: TCP Syn Flooding You mentioned an IRC program on the NT box. Is it still running or did you kill it? It could be trying to "phone home". Just another idea. > -----Original Message----- > From: Steve Suehring [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, February 18, 2003 8:57 AM > To: Tim Laureska > Cc: security-basics > Subject: Re: TCP Syn Flooding > > > > While I obviously can't guarantee it, I would sincerely doubt > that there > is a true syn flood taking place sourced in the doubleclick > network. What > were you doing at the time? Possibly surfing the web? Those > source and > destination ports look awfully like you were surfing the web and > doubleclick's side tried to open a connection to you for their load > balancing software. > > My guess would be that the netgear is picking up a false positive. > > Searching deja reveals that this may be the case after all: > > http://groups.google.com/groups?oi=djq&selm=an_523012517 > > Steve > > > > > On Sat, Feb 15, 2003 at 09:20:46AM -0500, Tim Laureska wrote: > > OK. I just installed a Netgear firewall box between a cable > modem and a > > NT 4.0 server on a small network.. and set it up to email > me attempts at > > security breaches. I am brand new to these devices and a relative > > neophyte to internet/internal network security. So the question is > > this. > > > > I received this message a few times yesterday after I > installed the box: > > > > > > Fri, 02/14/2003 20:35:01 - TCP connection dropped - > > Source:205.138.3.201, 80, WAN - Destination:69.2.167.25, > 20306, LAN - > > 'TCP:Syn Flooding' End of Log ---------- > > > > What should I make of this? > > > > T. > > > > >
