Results 1 to 4 of 4

Thread: Syn Port attack

  1. #1
    Junior Member Surface's Avatar
    Join Date
    Oct 2005

    Question Syn Port attack


    I'm using an unregistered version of mcafee antivirus & firewall...... many times while surfing the internet i get a message "mcafee has intercepted a syn port attack from x.x.x.x" (thats an ip address by the way). Then it offers to trace some computer/server/router.

    I understand what "trace" means and does, but whats the meaning of syn port attack ??

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Rotterdam, Netherlands
    A TCP connection is setup using a "three-way handshake". This means a series of packets in order SYN, SYN/ACK and an ACK..

    A SYN port attack probably means somebody tried to setup a connection (first SYN packet) to a port on your computer. Your firewall should block all connection attempts, check to make sure. If correctly blocked you can safely ignore these alerts. You'll get a lot of them, thanks to all the viruses running rampant on the Internet..
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Junior Member Surface's Avatar
    Join Date
    Oct 2005
    Even though i knew tcp sync. process, i wasnt able to figure out what the term means


  4. #4
    Senior Member Opus00's Avatar
    Join Date
    May 2005
    Without actually seeing what your firewall triggered on to give the alert the syn can be used for several things, one of which is a denial of service attacks(SYN Flooding).

    The other could be an attempt to fingerprint your OS, I can't think of a time that it wouldn't be sent to a port. It could be your vendors way of generalizing the many malicious uses of a syn packet and just name the alert "SYN Port Attack"
    There are two rules for success in life:
    Rule 1: Don't tell people everything you know.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts