-
SYN Attack..
I am new to computer forensics... and I got a msg like this... it is quite often...
my firewall blocked an attempt to attack your machine using a "SYN Flood" attack. The remote address associated with the traffic was 64.123.15.20. The remote port was 4768 [ephemeral]. The local port on your PC was 6346. The network adapter for the traffic was "Dial-Up Adapter".
The binary data contained in the packet was "44 45 53 54 00 00 20 53 52 43 00 00 08 00 45 00 00 30 98 61 40 00 70 06 ff eb 40 7b 0f 14 cb 7d 57 6e 12 a0 18 ca 0e cb 54 2c 00 00 00 00 70 02 fa f0 87 5a 00 00 02 04 05 ac 01 01 04 02 00 00 ".
How do I interpret the packet...
This too...
blocked an outgoing ICMP packet. The ICMP type code was 10. The remote address associated with the traffic was 224.0.0.2. The network adapter for the traffic was "Dial-Up Adapter".
The binary data contained in the packet was "01 00 5e 00 00 02 44 45 53 54 00 00 08 00 45 00 00 1c 00 00 00 00 80 01 37 22 cb 7d 58 3f e0 00 00 02 0a 00 f5 ff 00 00 00 00 68 8b 0f 45 c8 74 00 00 00 00 ff ff ff ff 77 06 cc 8b c9 43 07 05 ".
They seem to be a frequent attack...
blocked an outgoing ICMP packet. The ICMP type code was 10. The remote address associated with the traffic was 224.0.0.2. The network adapter for the traffic was "Dial-Up Adapter".
The binary data contained in the packet was "01 00 5e 00 00 02 44 45 53 54 00 00 08 00 45 00 00 1c 00 00 00 00 80 01 37 22 cb 7d 58 3f e0 00 00 02 0a 00 f5 ff 00 00 00 00 68 8b 0f 45 c8 74 00 00 00 00 ff ff ff ff 77 06 cc 8b c9 43 07 05 ".
These attacks are frequent...
-
You might want to take a look at this site for your SYN flood question. On page 5 you will find info about what your packet contains.
http://www.creangel.com/papers/ipspoof.pdf
Your outbound ICMP type 10 traffic is router related. You can find ICMP types here:
http://www2.dgsys.com/~lkh/icmp.html
The address 224.0.0.2 is a multicast address which will send a message to all routers on your subnet. You can find information about multicast addresses here:
http://www.iana.org/assignments/multicast-addresses
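To show how the two hex dumps in the question break down field by field, here is an added example (not part of the original posts) that decodes them as a 14-byte link-layer header followed by IPv4 and then TCP or ICMP. The function names `decode` and `tcp_options` are made up for this illustration; the hex strings are the ones quoted in the alerts above.

```python
import struct
from ipaddress import IPv4Address

# Hex dumps copied from the two firewall alerts quoted in the question.
SYN_ALERT = "44 45 53 54 00 00 20 53 52 43 00 00 08 00 45 00 00 30 98 61 40 00 70 06 ff eb 40 7b 0f 14 cb 7d 57 6e 12 a0 18 ca 0e cb 54 2c 00 00 00 00 70 02 fa f0 87 5a 00 00 02 04 05 ac 01 01 04 02 00 00 "
ICMP_ALERT = "01 00 5e 00 00 02 44 45 53 54 00 00 08 00 45 00 00 1c 00 00 00 00 80 01 37 22 cb 7d 58 3f e0 00 00 02 0a 00 f5 ff 00 00 00 00 68 8b 0f 45 c8 74 00 00 00 00 ff ff ff ff 77 06 cc 8b c9 43 07 05 "
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upward

def tcp_options(opts):
    """Walk the TCP option list (kind, length, value), stopping on bad lengths."""
    found, i = [], 0
    while i < len(opts) and opts[i] != 0:        # kind 0 = end of option list
        if opts[i] == 1:                         # kind 1 = NOP padding byte
            i += 1
            continue
        if i + 1 >= len(opts) or not 2 <= opts[i + 1] <= len(opts) - i:
            break                                # malformed length, stop parsing
        kind, length = opts[i], opts[i + 1]
        body = opts[i + 2:i + length]
        if kind == 2 and length == 4:
            found.append(("MSS", struct.unpack("!H", body)[0]))
        elif kind == 4:
            found.append(("SACK-permitted", None))
        else:
            found.append((kind, body.hex()))
        i += length
    return found

def decode(hexdump):
    raw = bytes.fromhex(hexdump)
    # Bytes 0-13: link header (here ASCII placeholders "DEST"/" SRC" or a
    # multicast MAC), ending in EtherType 0x0800 = IPv4.
    if len(raw) < 34 or raw[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    ip = raw[14:]
    ihl = (ip[0] & 0x0F) * 4                     # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    out = {"ttl": ip[8], "proto": ip[9],
           "src": str(IPv4Address(ip[12:16])), "dst": str(IPv4Address(ip[16:20]))}
    l4 = ip[ihl:total_len]                       # bytes past total_len are capture padding
    if out["proto"] == 6 and len(l4) >= 20:      # TCP
        sport, dport, seq, _ack, off_flags, window = struct.unpack("!HHIIHH", l4[:16])
        out.update(sport=sport, dport=dport, seq=seq, window=window,
                   flags=[n for b, n in enumerate(TCP_FLAGS) if off_flags & (1 << b)])
        out["options"] = tcp_options(l4[20:(off_flags >> 12) * 4])
    elif out["proto"] == 1 and len(l4) >= 4:     # ICMP; type 10 = Router Solicitation (RFC 1256)
        out.update(icmp_type=l4[0], icmp_code=l4[1])
    return out

if __name__ == "__main__":
    for alert in (SYN_ALERT, ICMP_ALERT):
        print(decode(alert))
```

The first dump decodes to a single TCP segment with only the SYN flag set, from 64.123.15.20 port 4768 to local port 6346; the second is an ICMP type 10 message sent from the local machine to 224.0.0.2.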