republican-creole
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » Common Firewall False Positives
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
NTFS problam »
« Security Focus MS newsletter  
AuthorAll Replies


NetWatchMan
Premium,VIP
join:2001-03-13
Alpharetta, GA

reply to NetWatchMan
Re: Common Firewall False Positives

Here's another great false positive example:

g) Source of probes is *Victim* of Spoofed DoS Attack

One or more attackers Syn-flood a victim web site, sending each TCP connect request with a different randomly spoofed IP address. The victim host sends a response (SYN/ACK) back to each of the spoofed IPs. If the DoS attack is over a long period of time, potentially millions of spoofed IPs may be sent a response packet. Users running firewalls on any of these IPs will log this response packet as a probe.

mNW 2542636 - livejournal.com DoS Attack

I spoke to the owner of the web site above and he confirmed that he indeed was has been under DoS attack in the last day or so.

The link above doesn't show it, but all these "probes" had a *source* TCP port = 80...showing these these were really response packets from the web server. Also notice, that the 4 sensors that picked up this activity all got hit within a VERY short time-frame (2.5 hours). That tells me that whoever was launching this DoS attack must have been generating a boat load of connect attempts at an extremely high rate!
--
Lawrence Baldwin
»www.myNetWatchman.com
Automatic Port Scan Reporting
to forum · permalink · · 2002-01-08 18:32:14 · Reply to this
Forums » Up and Running » Security » SecurityNTFS problam »
« Security Focus MS newsletter  

Monday, 09-Nov 13:56:36 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [51] VoIP Over 3G Still Not Working For iPhone
· [22] Bill Would Force ISPs To Block Financial Scams
· [12] Mediacom Hints At 50, 100 Mbps Speeds
· [10] Clearwire To Get Another $1.5 Billion
· [5] 15 States Have Now Gotten Broadband Mapping Money
· [3] Verizon Keeps Swinging At AT&T
Most people now reading
· Divorce advice... [General Questions]
· 60 Minutes piece on cyber security last night [Security]
· Framed for child porn 151; by a PC virus [Security]
· My cat is reluctant to exercise. [General Questions]
· Blown out Ballasts [Home Repair & Improvement]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· [WIN7] Which Services in Win 7 Have You Turned Off? [Microsoft Help]
· Windows 7 boot manager editing questions [Microsoft Help]
· Connecting to Google Voice Via SIP [VOIP Tech Chat]
· Security Software Updates - 09 Nov 2009 [Security]