Printable View
hi,
I'm using an unregistered version of mcafee antivirus & firewall...... many times while surfing the internet i get a message "mcafee has intercepted a syn port attack from x.x.x.x" (thats an ip address by the way). Then it offers to trace some computer/server/router.
I understand what "trace" means and does, but whats the meaning of syn port attack ?? :confused:
A TCP connection is setup using a "three-way handshake". This means a series of packets in order SYN, SYN/ACK and an ACK..
A SYN port attack probably means somebody tried to setup a connection (first SYN packet) to a port on your computer. Your firewall should block all connection attempts, check to make sure. If correctly blocked you can safely ignore these alerts. You'll get a lot of them, thanks to all the viruses running rampant on the Internet..
Even though i knew tcp sync. process, i wasnt able to figure out what the term means
Thanks ;)
Without actually seeing what your firewall triggered on to give the alert the syn can be used for several things, one of which is a denial of service attacks(SYN Flooding).
The other could be an attempt to fingerprint your OS, I can't think of a time that it wouldn't be sent to a port. It could be your vendors way of generalizing the many malicious uses of a syn packet and just name the alert "SYN Port Attack"