Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

HIGH TCP CONNECT ERROR SYSTEM PORT 25 MAY BE UNDER SYN FLOOD

Posted on 1997-12-16
1
Medium Priority
?
299 Views
Last Modified: 2013-12-23
This is the second time this message has appeared on our corporate email server and each time, the server can not be contacted via the network. All mail connections as well as other connection types fail.

I wonder if this is a TCP bug or if somebody is trying to hack into the system.

Does anybody know what this message means?
0
Comment
Question by:gilly
1 Comment
 
LVL 5

Accepted Solution

by:
n0thing earned 300 total points
ID: 1583052
Hi,

   Your machine seems to be under Denial of Service attack from
hackers or your competitor.
When a system (called the client) attempts to establish a TCP connection to a system providing a service (the server), the client and server exchange a set sequence of messages. This connection technique applies to all TCP connections--telnet, Web, email, etc.

     The client system begins by sending a SYN message to the server. The server then acknowledges the SYN message by sending SYN-ACK message to the client. The client then finishes establishing the connection by responding with an ACK message. The connection between the client and the server is then open, and the service-specific data can be exchanged between the client and the server. Here is a view of this message flow:

                Client                  Server
                ------                  ------
                SYN-------------------->

                   <--------------------SYN-ACK

                ACK-------------------->

                     Client and server can now
                     send service-specific data

     The potential for abuse arises at the point where the server system has sent an acknowledgment (SYN-ACK) back to client but has not yet received the ACK message. This is what we mean by half-open connection. The server has built in its system memory a data structure describing all pending connections. This data structure is of finite size, and it can be made to overflow by intentionally creating too many partially-open connections.
   
     One way to stop it is to filter all inbound packets and reject all spoofed packets from your routers.

0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question