
TCP FIN STACK and SYN FLOOD


pokestudio
22-11-2007, 14:52
Hi friends, I hope you can help me, because I logged into the control panel of my sister's router and found a ton of TCP FIN STACK and SYN FLOOD entries...

I clear the log because it fills up, and shortly afterwards (a few minutes ago) there they are again...

11/22/2007 15:47:39 192.168.2.3 login success
11/22/2007 15:47:13 **TCP FIN Scan** 192.168.2.3, 57006->> 213.254.238.144, 80 (from ATM1 Outbound)
11/22/2007 15:47:13 **TCP FIN Scan** 192.168.2.3, 57232->> 209.85.137.166, 80 (from ATM1 Outbound)
11/22/2007 15:47:13 **TCP FIN Scan** 192.168.2.3, 57000->> 62.149.202.230, 80 (from ATM1 Outbound)
11/22/2007 15:47:13 **TCP FIN Scan** 192.168.2.3, 57181->> 145.97.39.155, 80 (from ATM1 Outbound)
11/22/2007 15:47:13 **TCP FIN Scan** 192.168.2.3, 57213->> 62.32.97.21, 80 (from ATM1 Outbound)
11/22/2007 15:47:13 **TCP FIN Scan** 192.168.2.3, 57182->> 212.48.10.47, 80 (from ATM1 Outbound)
11/22/2007 15:47:13 **TCP FIN Scan** 192.168.2.3, 57231->> 62.101.68.245, 80 (from ATM1 Outbound)
11/22/2007 15:47:13 **TCP FIN Scan** 192.168.2.3, 57189->> 212.48.10.152, 80 (from ATM1 Outbound)
11/22/2007 15:42:12 192.168.2.3 logout
11/22/2007 15:39:24 192.168.2.3 login success

What does it mean? Basically, when it happens it's as if the connection jammed... can you give me a hand? Thanks a lot.

Oh, the router is a plain and simple Belkin 54G (maybe too simple?)
http://catalog.belkin.com/IWCatProductPage.process?Product_Id=253667

Stev-O
22-11-2007, 19:08
it's usually the mule's fault...

for the Netgear I solved it another way :sofico:

pokestudio
22-11-2007, 19:10
it's usually the mule's fault...

for the Netgear I solved it another way :sofico:

Actually I don't use eMule (or aMule, since I'm on a Mac) but Transmission (a BitTorrent client).

But what does that have to do with this kind of problem? Can you help me understand?
And what's the other way?

Stev-O
22-11-2007, 19:33
same thing

it's the fragmented packets those clients use, which detectors set too aggressively flag as a false DoS attack

solution??? disable the DoS protection

the other way??? modify the packet-checking routine so that the detection threshold can be adjusted
but to do that you need to modify the firmware

http://img223.imageshack.us/img223/120/snap1ns1.jpg

pokestudio
22-11-2007, 20:17
this router, though, doesn't offer a way to change those parameters... and is it possible that there are still fragments from this afternoon? It's past 9 pm and this is the latest data... these things keep going around towards my Mac...

how come?

11/22/2007 20:05:36 **TCP FIN Scan** 192.168.2.3, 50347->> 80.21.148.250, 80 (from ATM1 Outbound)
11/22/2007 19:59:28 **TCP FIN Scan** 192.168.2.3, 50205->> 213.254.238.155, 80 (from ATM1 Outbound)
11/22/2007 19:49:32 **TCP FIN Scan** 192.168.2.3, 49964->> 213.254.238.145, 80 (from ATM1 Outbound)
11/22/2007 19:38:38 **TCP FIN Scan** 192.168.2.3, 49838->> 208.113.136.207, 80 (from ATM1 Outbound)
11/22/2007 19:38:38 **TCP FIN Scan** 192.168.2.3, 49830->> 193.42.160.222, 80 (from ATM1 Outbound)
11/22/2007 19:35:27 **Vecna Scan** 192.168.2.3, 49814->> 88.221.168.174, 443 (from ATM1 Outbound)
11/22/2007 19:30:11 **Vecna Scan** 192.168.2.3, 49814->> 88.221.168.174, 443 (from ATM1 Outbound)
11/22/2007 19:06:20 sending ACK to 192.168.2.5
11/22/2007 19:05:52 **Vecna Scan** 192.168.2.3, 49506->> 209.85.137.83, 443 (from ATM1 Outbound)
11/22/2007 19:05:52 **TCP FIN Scan** 192.168.2.3, 49516->> 209.85.135.147, 80 (from ATM1 Outbound)
11/22/2007 19:05:52 **TCP FIN Scan** 192.168.2.3, 49517->> 66.249.93.189, 80 (from ATM1 Outbound)
11/22/2007 19:05:52 **TCP FIN Scan** 192.168.2.3, 49522->> 70.86.1.200, 80 (from ATM1 Outbound)
11/22/2007 19:05:52 **TCP FIN Scan** 192.168.2.3, 49557->> 213.205.34.43, 80 (from ATM1 Outbound)
11/22/2007 19:05:52 **TCP FIN Scan** 192.168.2.3, 49561->> 213.205.34.44, 80 (from ATM1 Outbound)
11/22/2007 19:05:52 **TCP FIN Scan** 192.168.2.3, 49564->> 213.205.32.10, 80 (from ATM1 Outbound)
11/22/2007 19:00:35 **TCP FIN Scan** 192.168.2.3, 49558->> 213.205.34.44, 80 (from ATM1 Outbound)
11/22/2007 19:00:35 **TCP FIN Scan** 192.168.2.3, 49602->> 89.149.251.101, 80 (from ATM1 Outbound)
11/22/2007 19:00:35 **TCP FIN Scan** 192.168.2.3, 49517->> 66.249.93.189, 80 (from ATM1 Outbound)
11/22/2007 19:00:35 **TCP FIN Scan** 192.168.2.3, 49589->> 64.233.171.104, 80 (from ATM1 Outbound)
11/22/2007 19:00:35 **TCP FIN Scan** 192.168.2.3, 49566->> 213.205.32.10, 80 (from ATM1 Outbound)
11/22/2007 19:00:35 **TCP FIN Scan** 192.168.2.3, 49516->> 209.85.135.147, 80 (from ATM1 Outbound)
11/22/2007 19:00:35 **TCP FIN Scan** 192.168.2.3, 49557->> 213.205.34.43, 80 (from ATM1 Outbound)
11/22/2007 19:00:35 **TCP FIN Scan** 192.168.2.3, 49522->> 70.86.1.200, 80 (from ATM1 Outbound)
11/22/2007 19:00:35 **TCP FIN Scan** 192.168.2.3, 49504->> 209.85.137.83, 443 (from ATM1 Outbound)

Stev-O
23-11-2007, 07:39
yes, it can...

it's almost certainly torrent that's causing the problem
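
Added example, not part of the original thread: a small triage script for router log lines in the format quoted above. It groups the alerts by source so you can see whether they come from one LAN host reaching many servers on web ports or from something that needs a closer look. The `WEB_PORTS` set and the verdict labels are assumptions of this example, not the router's own detection logic.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the router log quoted in the thread (one non-alert line included).
SAMPLE_LOG = """\
11/22/2007 19:35:27 **Vecna Scan** 192.168.2.3, 49814->> 88.221.168.174, 443 (from ATM1 Outbound)
11/22/2007 19:06:20 sending ACK to 192.168.2.5
11/22/2007 19:05:52 **TCP FIN Scan** 192.168.2.3, 49516->> 209.85.135.147, 80 (from ATM1 Outbound)
11/22/2007 19:05:52 **TCP FIN Scan** 192.168.2.3, 49517->> 66.249.93.189, 80 (from ATM1 Outbound)
11/22/2007 19:00:35 **TCP FIN Scan** 192.168.2.3, 49504->> 209.85.137.83, 443 (from ATM1 Outbound)
"""

ALERT = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \*\*(?P<kind>[^*]+)\*\* "
    r"(?P<src>[\d.]+), (?P<sport>\d+)->> (?P<dst>[\d.]+), (?P<dport>\d+) "
    r"\(from (?P<iface>\S+) (?P<direction>\w+)\)$"
)

WEB_PORTS = {80, 443}  # assumption: ports treated as ordinary client traffic

def parse_alerts(log):
    """Return one dict per alert line; login/ACK lines do not match and are skipped."""
    return [m.groupdict() for line in log.splitlines() if (m := ALERT.match(line.strip()))]

def triage(alerts):
    """Summarise alerts per source and tag the pattern (heuristic, not the router's logic)."""
    by_src = defaultdict(list)
    for a in alerts:
        by_src[a["src"]].append(a)
    report = {}
    for src, rows in by_src.items():
        ports = {int(r["dport"]) for r in rows}
        lan_outbound = (ipaddress.ip_address(src).is_private
                        and all(r["direction"] == "Outbound" for r in rows))
        report[src] = {
            "alerts": len(rows),
            "kinds": sorted({r["kind"] for r in rows}),
            "dst_hosts": len({r["dst"] for r in rows}),
            "dst_ports": sorted(ports),
            # A LAN host reaching only web ports looks like client traffic being
            # misclassified; anything else deserves a closer look.
            "verdict": "likely-false-positive" if lan_outbound and ports <= WEB_PORTS else "review",
        }
    return report

if __name__ == "__main__":
    for src, summary in triage(parse_alerts(SAMPLE_LOG)).items():
        print(src, summary)
```
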