HELP -- DoS.Generic.SYNFlood! What the heck is this??

Discussion in 'other firewalls' started by m021478, Jun 26, 2008.

Thread Status:
Not open for further replies.
  1. m021478

    m021478 Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    2
    I was downloading a torrent file this evening (a legal one, of course), and all of a sudden my Kaspersky Internet Security 7 software repeatedly informed me of the following type of 'attack':


    I figured it had something to do with my torrent being downloaded so I promptly quit uTorrent, yet I was still receiving the attack notification via KIS7...In a panic I shutdown my computer as quickly as possible, waited several hours before switching it back on again, and now that I am up and running again, I am not getting the attack notification message any more...

    I got about 100 of these in a couple minutes time...I also noticed the following, single entry in KAS7's log file which occurred right in the middle of the 100 notifications cited above:

    Perhaps the reason why I am no longer receiving this attack notification may have something to do with shutting down my machine, but if you look at the first set of attack notifications above, you'll note that it says, "TCP on local port 55256"...55256 is the port in my firewall that I had opened for uTorrent so that it could effectively communicate with the tracker servers...this really freaked me out, and I have yet to reopen that port on my firewall for fear that I will once come under attack...

    I have absolutely no idea whatsoever what the error notifications above are in reference to, if it's something serious that I should somehow protect against, or fix, or block, or whatever...My point here is that I do not have 100% piece of mind regarding my online security when using my computer now...

    Can someone help explain to me:

    • What happened? Should I be concerned, or is this more of a generic event?
    • Is there is anything I should do about it at this point?
    • Is it safe to reopen ports on my router (and if it would be advisable to pick different ports if I do reopen ports)?
    • Should I trash all of the torrents I am in the process of downloading (which are currently paused in my queue) prior to opening any ports?
    • Is there anything I can do to protect myself against such attacks in the future, aside from continuing to run KIS7 (and let's just skip the part where you tell me not to use bittorrent anymore)...

    Any suggestions would be greatly appreciated... Thanks!
     
  2. Get

    Get Guest

    You get a lot of connections using bittorrent, so kaspersky thinks it's a dos-attack which it isn't. You shut down utorrent, but the ones connecting to you don't know that so they stay connecting for a while, but not for eternity. Maybe you can disable the dosattack-notifications while you're "bittorrenting".
     
    Last edited by a moderator: Jun 26, 2008
  3. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    http://www.sniff-em.com/

    Those programs may help if it is a real attack.

    Diddent have time to read the whole post, So just incase.
     
  4. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    It is a 'generic' event and was loosely explained by Get two posts above.

    No. If you're still concerned and have a dynamic WAN IP, you can renew it and the "attacks" will stop.

    Yes, it is safe. It does not matter which port you choose. The one you were using was just fine.

    No.

    KIS is already protecting you by blocking unsolicited packets.

    This would be a very stupid advice. I am certainly not going to say that...

    Cheers,
     
  5. m021478

    m021478 Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    2
    Thanks to everyone for the very informative advice...It's much appreciated!
     
Loading...
Thread Status:
Not open for further replies.