My Security Router Logs

Discussion in 'other firewalls' started by arran, Mar 19, 2011.

Thread Status:
Not open for further replies.
  1. arran

    arran Registered Member

    Feb 5, 2008
    I have a RVS4000 Gigabit Security Router sitting between my pc and modem, my modem doesn't have a firewall, and interestingly these are the things it has been blocking recently.

    Possible DoS HGOD SynKiller Flooding
    P2P Vagaa connection attempt - 2
    DoS MS-SQL Slammer Worm

    Can a firewall expert explain 1 by 1 what they are?
  2. Heimdall

    Heimdall Registered Member

    Jul 29, 2009
    HGOd is a utility for creating Denial of Service attacks, SYN is one of the switches that can be used for to create a specific attack type, i.e. syn floods

    This indicates a TCP frame was received with inappropriate flags, syn/fin back-to-back. This can be used by something like nmap when probing for OS types, as different operating systems respond differently.

    Vagaa is a somewhat depreciated Chinese p2p client. If you're not running the client, it's probably Internet background noise.

    L4 refers to layer 4 in the OSI stack an example an L4 protocol is TCP. receipt of these frames could indicate probing for OS detection, based on windows size. As with the TCP bad Flag, different operating systems respond differently.

    A older worm used to exploit an old version of Microsoft SQL server.

    Most of these could simpley be background traffic, such is the Internet. However, if you're seeing these in high quantities, you may want to investigate further, as some of them can degrade bandwidth.
Thread Status:
Not open for further replies.