1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Port Syn. attacks

Discussion in 'Virus & Other Malware Removal' started by izme, Apr 28, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. izme

    izme Thread Starter

    Joined:
    Mar 4, 2004
    Messages:
    33,764
    I am constantly being slammed by Port Syn. attacks from Canada, I trace the attacker and have an extensive log on these attacks

    What exactly are they and Can I take legal action if they persist?

    It seems someone from Canada is trying to install a virus or something on my PC

    Not sure where I stand on this! Or if I used the proper term to refer to these attacks. I just get the message that my firewall had stopped a port syn. attack. So I trace it and log it. I am getting nailed at lest 20 times a day.

    any help or advice would be appreciated!

    :confused:

    ><">
     
  2. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    hi, are you in Canada too?
    it might just be your ISP scanning you to see if your online?

    Try gibson's tool idserve from

    http://grc.com

    to see who is scanning you?

    Sygate pro 5 has a utility, back trace, when you see the diamond shining to see who is scanning your computer?

    I hope this helps

    khaz
     
  3. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    also, the chances might be it's just a ICMP scan to your computer as above? If so, and your fed up with this,

    www.kerio.com

    has a nice firewall rules based. this web-link show's how to configure and set-up kerio, but this is based on kerio 2.1, recently kerio4 came out, but it should be still be applicable?

    http://www.dslextreme.com/users/surferslim/tpf.html

    khaz
     
  4. izme

    izme Thread Starter

    Joined:
    Mar 4, 2004
    Messages:
    33,764
    Nope, I am in the USA

    thanks so much for the Advice, I have never had these type of attacks before, they do not get in, I think!

    It just seems like an invasion of privacy or a hacker to me. I am not sure though, Several IP addys blocked and new one's keep coming up as new attackers. Wierd stuff!


    thanks

    Fish AKA IZME

    ><">
     
  5. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    ok, well i'm in the UK and I get probed from all over the world by the RIPE server, maybe it's just a ISP-Ip scan?

    khaz
     
  6. izme

    izme Thread Starter

    Joined:
    Mar 4, 2004
    Messages:
    33,764
    yah, good point

    No harm is ever done that I know of, it is just that I have never seen these before on my PC, and I have had this forewall for quite awhile. It started about two months ago.

    so as long as no harm is done, I may as well be happy of that! ;)

    Thanks again

    ><">
     
  7. 700mb80min

    700mb80min Banned

    Joined:
    Jul 24, 2003
    Messages:
    2,025
  8. izme

    izme Thread Starter

    Joined:
    Mar 4, 2004
    Messages:
    33,764
    Thanks 700
    but I was under the impression that port Syn. Attacks were different?

    port scans are alittle different then Port Syn. Attacks?

    I have no idea!
    My PC goes into attack mode and this is new to my PC
    Most of them come from Canada, and I have their addys and everything.
    ;)
     
  9. izme

    izme Thread Starter

    Joined:
    Mar 4, 2004
    Messages:
    33,764
    ok, right here I may have found alittle info.

    SYN Attacks
    [an error occurred while processing this directive] The SYN attack relies on half-open connections. When a system receives a SYN packet on a specified port, it responds with a SYN+ACK packet. It then keeps track of the fact that it is waiting for the final ACK for this connection.
    SYN flooding works by flooding the target with lots of SYN packets. This causes the target's buffer of half-open connections to fill until the a timeout is reached. However, the attacker can continue to send SYN packets faster than the buffer timeouts occur, causing the target to be unable to open connections.

    SYN attacks normally spoof the source address of the SYN connection.

    SYN attacks will not affect already existing connections or outgoing connections.

    Why is my main question!
     
  10. izme

    izme Thread Starter

    Joined:
    Mar 4, 2004
    Messages:
    33,764
    You can get attacked if you're ports are not secured. Firewalls secure your ports. If you don't use a firewall, hackers scan ports and then send you trojans over them.

    that's what I was told before. I am properly protected, I just thought some ticked off or bad person was trying to get a worm or some other virus onto my PC and wondered If I could go after them? Well short of blasting them back which I feel is not right

    ><">
     
  11. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    Izme,

    your never protected from the net, it doesn't matter what kinda firewall you have, thay are all software based anyway! Before the firewall trolls kick in, firewalls, are software, even hardware firewalls are just software running on a box, delegated as a firewall hooked up to a pc or a network. If hackers can get past NASA etc then they can probe us too, but we're just being probed by the wee boysand mostly our ISPs.

    khaz
     
  12. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    Izme,

    have you just moved to broadband? There are more scans on that rather than a 56k dial up, if you have something like linksys oruter then your logs will show a lot of activity and scans, it's quite normal?

    khaz
     
  13. izme

    izme Thread Starter

    Joined:
    Mar 4, 2004
    Messages:
    33,764
    yah, I realize we are not real safe if someone try's to get in, but no firewall or anti virus is worse! Hackers are spending most of their time trying to figure out new hacking methods ect.

    I do have a Linksys Modem and am on Cable, but I never had these type of attacks and so many, but as I said before, No harm done so far. Just dislike this is all.

    thanks

    ><">
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/224698

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice