Question

Locked

Syncflood attacks--is this normal?

By techmaster ·
I've recently been checking my Belkin router's security log and I see numerous "Syncflood attacks", as many as 80 incidents per day. Is this normal internet "noise," or am I being singled out for an attack?

Most of the recorded IPs checkout (they're coming from servers all over the world, but mostly China and Russia).

Here's an example:

Found Syncflood attack from 61.147.107.56 in port 2967 => Wed Oct 21 02:59:29 2009
Found Syncflood attack from 61.147.107.56 in port 2967 => Wed Oct 21 02:59:59 2009
Found Syncflood attack from 125.120.153.240 in port 52878 => Wed Oct 21 03:38:12 2009
Found Syncflood attack from 125.120.153.240 in port 52878 => Wed Oct 21 03:38:42 2009

Thanks.

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

possibilities

by jck In reply to Syncflood attacks--is thi ...

1) A script kiddie testing out a random IP attack tool, or IP/range-specific tool.

2) Someone doing a specific type of attack on specific ports of your router/machine trying to utilize an (real or hypothesized) exploit

If it keeps happening, report it to your ISP and send them the log showing it. Request they block traffic from that IP and possibly the ISP it derives from.

Most ISPs don't want people hacking their customers, or their own equipment.

Good luck

Collapse -

My take on this is

by OH Smeg In reply to Syncflood attacks--is thi ...

At only Up to 80 reports per day it's Background Noise of a general Sniffer/s being run across the Internet looking for Open Systems.

If you had of been singled out for Special Attention there would be a lot more than 80 Attempts per day. You could have received hundreds or even thousands in under a hour so 80 or less per day is nothing.

But none the less it is a Attack Vector being used for unpatched systems so I would suggest informing your ISP and supplying the Logs or at least a copy so they can do whatever they want to to lock those People out of their system.

Col

Collapse -

Thanks jck & OH Smeg!

by techmaster In reply to My take on this is

I appreciate the feedback.

Collapse -

Your Welcome EOM

by OH Smeg In reply to Thanks jck & OH Smeg!
Back to Networks Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums