Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: SYN question

SYN question 8 years 6 months ago #32911

Hi,

I found out my client web page cannot be load as it shows "Connection Timed Out" error message. I suspected that maybe got SYN attack in that server. After i run the below command:-

[root@server1403 ~]# netstat -n | grep :80 | grep SYN |wc -l
157

My question is:-

When i check, one 1 Ip utilze 1 SYN. Is it really a SYN attack or not?
Or it is high load due to high users at one time, that is why can't open the web page??

Thanks

Please Log in to join the conversation.

Syn Attack 8 years 6 months ago #32919

Assuming that you know the three way handshake, is the web server in DMZ - Behind the firewall. Further take a trace on your firewall preferably on both interfaces (Inbound/Outbound) to eliminate the same.

Please Log in to join the conversation.

Re: SYN question 8 years 6 months ago #32933

Hi,

I couldn't understand the thing that you mentioned (take a trace on your firewall preferably on both interfaces (Inbound/Outbound) to eliminate the same.)

Do you mean take traceroute or doing netstat??

Please Log in to join the conversation.

Re: SYN question 8 years 6 months ago #32940

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Moderator
  • Posts: 1577
  • Karma: 3
  • Thank you received: 7
kogula14, May be you've done this already but just in case,

Try this at the command prompt of the server:

netstat -n -p TCP

If you see a big list of connections with state: SYN_RECEIVED. Then this could indicate SYN attack.

Please Log in to join the conversation.

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx

Re: SYN question 8 years 6 months ago #32943

Hi all!

kogula14 i tried your command on windows vista cmd, mine got alot of 'ESTABLISHED' word in the status and one 'CLOSE_WAIT' and a 'SYN_SENT' what does all of these mean?

Thank you!

Please Log in to join the conversation.

Re: SYN question 8 years 5 months ago #33301

Hi,

Thanks for every1 help me...

support.microsoft.com/kb/137984

Please Log in to join the conversation.

  • Page:
  • 1
  • 2
Time to create page: 0.166 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup