Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: SYN question

SYN question 7 years 5 days ago #32911

  • kogula14
  • kogula14's Avatar
  • Offline
  • Frequent Member
  • Posts: 49
  • Karma: 0
Hi,

I found out my client web page cannot be load as it shows "Connection Timed Out" error message. I suspected that maybe got SYN attack in that server. After i run the below command:-

[root@server1403 ~]# netstat -n | grep :80 | grep SYN |wc -l
157

My question is:-

When i check, one 1 Ip utilze 1 SYN. Is it really a SYN attack or not?
Or it is high load due to high users at one time, that is why can't open the web page??

Thanks
The administrator has disabled public write access.

Syn Attack 7 years 5 days ago #32919

  • cooluswiz
  • cooluswiz's Avatar
  • Offline
  • New Member
  • Posts: 4
  • Karma: 0
Assuming that you know the three way handshake, is the web server in DMZ - Behind the firewall. Further take a trace on your firewall preferably on both interfaces (Inbound/Outbound) to eliminate the same.
The administrator has disabled public write access.

Re: SYN question 7 years 4 days ago #32933

  • kogula14
  • kogula14's Avatar
  • Offline
  • Frequent Member
  • Posts: 49
  • Karma: 0
Hi,

I couldn't understand the thing that you mentioned (take a trace on your firewall preferably on both interfaces (Inbound/Outbound) to eliminate the same.)

Do you mean take traceroute or doing netstat??
The administrator has disabled public write access.

Re: SYN question 7 years 4 days ago #32940

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
kogula14, May be you've done this already but just in case,

Try this at the command prompt of the server:

netstat -n -p TCP

If you see a big list of connections with state: SYN_RECEIVED. Then this could indicate SYN attack.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.

Re: SYN question 7 years 3 days ago #32943

  • FishNBone
  • FishNBone's Avatar
  • Offline
  • Frequent Member
  • Posts: 33
  • Karma: 0
Hi all!

kogula14 i tried your command on windows vista cmd, mine got alot of 'ESTABLISHED' word in the status and one 'CLOSE_WAIT' and a 'SYN_SENT' what does all of these mean?

Thank you!
The administrator has disabled public write access.

Re: SYN question 6 years 10 months ago #33301

  • kogula14
  • kogula14's Avatar
  • Offline
  • Frequent Member
  • Posts: 49
  • Karma: 0
Hi,

Thanks for every1 help me...

support.microsoft.com/kb/137984
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.089 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup