Solved

HIGH TCP CONNECT ERROR SYSTEM PORT 25 MAY BE UNDER SYN FLOOD

Posted on 1997-12-16
1
288 Views
Last Modified: 2013-12-23
This is the second time this message has appeared on our corporate email server and each time, the server can not be contacted via the network. All mail connections as well as other connection types fail.

I wonder if this is a TCP bug or if somebody is trying to hack into the system.

Does anybody know what this message means?
0
Comment
Question by:gilly
1 Comment
 
LVL 5

Accepted Solution

by:
n0thing earned 100 total points
Comment Utility
Hi,

   Your machine seems to be under Denial of Service attack from
hackers or your competitor.
When a system (called the client) attempts to establish a TCP connection to a system providing a service (the server), the client and server exchange a set sequence of messages. This connection technique applies to all TCP connections--telnet, Web, email, etc.

     The client system begins by sending a SYN message to the server. The server then acknowledges the SYN message by sending SYN-ACK message to the client. The client then finishes establishing the connection by responding with an ACK message. The connection between the client and the server is then open, and the service-specific data can be exchanged between the client and the server. Here is a view of this message flow:

                Client                  Server
                ------                  ------
                SYN-------------------->

                   <--------------------SYN-ACK

                ACK-------------------->

                     Client and server can now
                     send service-specific data

     The potential for abuse arises at the point where the server system has sent an acknowledgment (SYN-ACK) back to client but has not yet received the ACK message. This is what we mean by half-open connection. The server has built in its system memory a data structure describing all pending connections. This data structure is of finite size, and it can be made to overflow by intentionally creating too many partially-open connections.
   
     One way to stop it is to filter all inbound packets and reject all spoofed packets from your routers.

0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Let’s list some of the technologies that enable smooth teleworking. 
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now