Solved

HIGH TCP CONNECT ERROR SYSTEM PORT 25 MAY BE UNDER SYN FLOOD

Posted on 1997-12-16
1
292 Views
Last Modified: 2013-12-23
This is the second time this message has appeared on our corporate email server and each time, the server can not be contacted via the network. All mail connections as well as other connection types fail.

I wonder if this is a TCP bug or if somebody is trying to hack into the system.

Does anybody know what this message means?
0
Comment
Question by:gilly
1 Comment
 
LVL 5

Accepted Solution

by:
n0thing earned 100 total points
ID: 1583052
Hi,

   Your machine seems to be under Denial of Service attack from
hackers or your competitor.
When a system (called the client) attempts to establish a TCP connection to a system providing a service (the server), the client and server exchange a set sequence of messages. This connection technique applies to all TCP connections--telnet, Web, email, etc.

     The client system begins by sending a SYN message to the server. The server then acknowledges the SYN message by sending SYN-ACK message to the client. The client then finishes establishing the connection by responding with an ACK message. The connection between the client and the server is then open, and the service-specific data can be exchanged between the client and the server. Here is a view of this message flow:

                Client                  Server
                ------                  ------
                SYN-------------------->

                   <--------------------SYN-ACK

                ACK-------------------->

                     Client and server can now
                     send service-specific data

     The potential for abuse arises at the point where the server system has sent an acknowledgment (SYN-ACK) back to client but has not yet received the ACK message. This is what we mean by half-open connection. The server has built in its system memory a data structure describing all pending connections. This data structure is of finite size, and it can be made to overflow by intentionally creating too many partially-open connections.
   
     One way to stop it is to filter all inbound packets and reject all spoofed packets from your routers.

0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Network connections wi-fi configuration issue 6 30
VPS for routing recomendations 3 49
New firewall implementation guidance 12 57
Wired Network vs Wireless 12 55
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question