You mentioned an IRC program on the NT box. Is it still running or did you kill it? It could be trying to "phone home". Just another idea.
> -----Original Message----- > From: Steve Suehring [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, February 18, 2003 8:57 AM > To: Tim Laureska > Cc: security-basics > Subject: Re: TCP Syn Flooding > > > > While I obviously can't guarantee it, I would sincerely doubt > that there > is a true syn flood taking place sourced in the doubleclick > network. What > were you doing at the time? Possibly surfing the web? Those > source and > destination ports look awfully like you were surfing the web and > doubleclick's side tried to open a connection to you for their load > balancing software. > > My guess would be that the netgear is picking up a false positive. > > Searching deja reveals that this may be the case after all: > > http://groups.google.com/groups?oi=djq&selm=an_523012517 > > Steve > > > > > On Sat, Feb 15, 2003 at 09:20:46AM -0500, Tim Laureska wrote: > > OK. I just installed a Netgear firewall box between a cable > modem and a > > NT 4.0 server on a small network.. and set it up to email > me attempts at > > security breaches. I am brand new to these devices and a relative > > neophyte to internet/internal network security. So the question is > > this. > > > > I received this message a few times yesterday after I > installed the box: > > > > > > Fri, 02/14/2003 20:35:01 - TCP connection dropped - > > Source:205.138.3.201, 80, WAN - Destination:69.2.167.25, > 20306, LAN - > > 'TCP:Syn Flooding' End of Log ---------- > > > > What should I make of this? > > > > T. > > > > >
