Thread: SYN Attack..

  1. #1
    Senior Member
    Join Date
    Dec 2002
    Posts
    144

    SYN Attack..

    I am new to computer forensics... and I got a message like this... it is quite often...

    my firewall blocked an attempt to attack your machine using a "SYN Flood" attack. The remote address associated with the traffic was 64.123.15.20. The remote port was 4768 [ephemeral]. The local port on your PC was 6346. The network adapter for the traffic was "Dial-Up Adapter".

    The binary data contained in the packet was "44 45 53 54 00 00 20 53 52 43 00 00 08 00 45 00 00 30 98 61 40 00 70 06 ff eb 40 7b 0f 14 cb 7d 57 6e 12 a0 18 ca 0e cb 54 2c 00 00 00 00 70 02 fa f0 87 5a 00 00 02 04 05 ac 01 01 04 02 00 00 ".

    How do I interpret the packet...

    This too...

    blocked an outgoing ICMP packet. The ICMP type code was 10. The remote address associated with the traffic was 224.0.0.2. The network adapter for the traffic was "Dial-Up Adapter".

    The binary data contained in the packet was "01 00 5e 00 00 02 44 45 53 54 00 00 08 00 45 00 00 1c 00 00 00 00 80 01 37 22 cb 7d 58 3f e0 00 00 02 0a 00 f5 ff 00 00 00 00 68 8b 0f 45 c8 74 00 00 00 00 ff ff ff ff 77 06 cc 8b c9 43 07 05 ".

    They seem to be a frequent attack...

    These attacks are frequent...
    BlAcKiE
    GearBlitz

  2. #2
    Senior Member
    Join Date
    Oct 2002
    Posts
    112
    You might want to take a look at this site for your SYN flood question. On page 5 you will find info about what your packet contains.

    http://www.creangel.com/papers/ipspoof.pdf

    Your outbound ICMP type 10 traffic is router related. You can find ICMP types here:

    http://www2.dgsys.com/~lkh/icmp.html

    The address 224.0.0.2 is a multicast address which will send a message to all routers on your subnet. You can find information about multicast addresses here:

    http://www.iana.org/assignments/multicast-addresses
    If you receive something that says 'Send this to everyone you know,' pretend you don't know me.