npinfotech asked:
TCP Flood: what is it? Why so little on it?

I have recently been a victim of an internal TCP Flood Denial of Service attack, yet I can find next to nothing on it scouring the net.  A machine on my internal network was flooding my routers with packets, causing our Internet connection to go down.  All antiviral and spyware (Spybot, Ad-Aware) scans have come up clean.  I think I have stopped it using the Windows XP firewall, but am not sure.

What is this form of attack?
Where can it come from?
How can it be stopped?
Where can I learn more about it?
jhance:

Firstly, since this was an INTERNAL machine, I'd have a hard time describing this as an "attack".  Since you (presumably) control both the internal networks as well as all internal machines, this problem is really your responsibility.  If, as seems to be the case, you have the responsibility but no ability to control, you should take steps to immediately gain control of all systems that plug into your internal network.

There is, however, a LOT of information about this problem.  I think you're just not looking in the right place:

http://www.networkcomputing.com/unixworld/security/004/004.txt.html
http://www.iss.net/security_center/advice/Exploits/TCP/SYN_flood/default.htm
http://www.webopedia.com/TERM/T/TCP_SYN_attack.html
http://www.securityfocus.com/infocus/1729

just to point out a few...
jjoseph_x's solution is available to members only.
It would be possible to analyze the attack, if there is one, with logs. Do you have any kind of captured logs from when this happened?

Cheers,
Rajesh
npinfotech (asker):
NOTE: x.x.x.x = internal IP address

I have logs from my firewall:

2006-06-05 12:42:57 - TCP Flood - Source:x.x.x.x,50448,LAN - Destination:208.64.252.66,80,WAN

Here is a sample of my log files just before my connection went out on June 26 (again, from firewall):

Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1929 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(3) not match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1929 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Default rule match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1930 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(1) not match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1930 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(2) not match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1930 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(3) not match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1930 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Default rule match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1931 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(1) not match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1931 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(2) not match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1931 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(3) not match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1931 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Default rule match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1932 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(1) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1932 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(2) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1932 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(3) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1932 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Default rule match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1933 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(1) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1933 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(2) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1933 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(3) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1933 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Default rule match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1934 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(1) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1934 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(2) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1934 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(3) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1934 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Default rule match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1935 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(1) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1935 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(2) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1935 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(3) not match]
Well, it is not an attack. The IP address 208.64.252.66 => SilverJewleryclub.com

If you look at the timestamps, it has only done this twice by the minute, but with many communication attempts within seconds. Just open this site in your browser and you can see that this site keeps refreshing, hence the connection attempts.

I presume, somebody inside your network opened this page and minimized it, so it kept trying to refresh.

Cheers,
Rajesh
I understand this, but why does it keep trying on different ports?  The number of tries per second is also troubling; the silverjewelry club updates every 5 minutes or so.  Why so many attempts from an internal machine?
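An added example, not code from anyone in this thread or from any firewall vendor: a small Python script that parses the firewall log format posted above (the sample lines are copied from the asker's post, with x.x.x.x standing for the internal address), collapses the one-line-per-rule entries back into distinct connection attempts, counts new connections per second, and checks whether the source ports are consecutive. The burst threshold and the function names are assumptions made for illustration. It also bears on the question about the changing ports: every new TCP connection gets its own source port, typically the next free ephemeral one, so a single host opening connection after connection shows up exactly as the 1929, 1930, 1931 ... walk in the log, whereas a classic spoofed-source SYN flood of the kind the links above describe would show varying source addresses.

```python
"""Added example (not from this thread): parse the asker's firewall log
format, collapse per-rule entries into connection attempts, count new
connections per second and check for consecutive source ports.  The
burst threshold is an assumed value, not the firewall's real trigger."""
import re
from collections import Counter, defaultdict

# Both line shapes posted in the thread: the "TCP Flood" summary event and the
# per-rule "TCP packet" entries ("Mon, " prefix, "[HTTP]" tag, rule note optional).
LINE_RE = re.compile(
    r"^(?:\w{3}, )?(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - (?P<event>[^-]+?) - "
    r"Source:(?P<src>[^,]+),(?P<sport>\d+) ?,LAN - "
    r"Destination:(?P<dst>[^,]+),(?P<dport>\d+)(?:\[\w+\])? ?,WAN"
    r"(?: \[Forward\] - \[(?P<rule>[^\]]+)\])?$"
)

# Constructed sample copied from the asker's post (x.x.x.x = internal address).
FLOOD_LINE = "2006-06-05 12:42:57 - TCP Flood - Source:x.x.x.x,50448,LAN - Destination:208.64.252.66,80,WAN"
SAMPLE_LOG = """\
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1929 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(3) not match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1929 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Default rule match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1930 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(1) not match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1930 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(2) not match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1930 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(3) not match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1930 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Default rule match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1931 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(1) not match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1931 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(2) not match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1931 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(3) not match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1931 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Default rule match]
Mon, 2006-06-26 11:43:16 - TCP packet - Source:x.x.x.x,1932 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(1) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1932 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(2) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1932 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(3) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1932 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Default rule match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1933 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(1) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1933 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(2) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1933 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(3) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1933 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Default rule match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1934 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(1) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1934 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(2) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1934 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(3) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1934 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Default rule match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1935 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(1) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1935 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(2) not match]
Mon, 2006-06-26 11:43:17 - TCP packet - Source:x.x.x.x,1935 ,LAN - Destination:208.64.252.66,80[HTTP] ,WAN [Forward] - [Outbound Rule(3) not match]
"""

def parse_log(text):
    """One dict per parsable line; lines in any other format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
            records.append(rec)
    return records

def connection_attempts(records):
    """The firewall logs one line per rule it evaluates, so one packet shows up
    several times; identify an attempt by its 4-tuple and keep the first timestamp."""
    first_seen = {}
    for r in records:
        first_seen.setdefault((r["src"], r["sport"], r["dst"], r["dport"]), r["ts"])
    return first_seen

def analyze(text, burst_threshold=3):
    """New connections per second per (source, destination, port), the seconds at
    or above burst_threshold, and whether a source used consecutive source ports:
    the signature of one host opening connection after connection, since the OS
    normally hands each new socket the next free ephemeral port."""
    records = parse_log(text)
    attempts = connection_attempts(records)
    per_second = Counter()
    sports = defaultdict(list)
    for (src, sport, dst, dport), ts in attempts.items():
        per_second[(ts, src, dst, dport)] += 1
        sports[(src, dst, dport)].append(sport)
    return {
        "records": len(records),
        "attempts": len(attempts),
        "per_second": dict(per_second),
        "bursts": {k: n for k, n in per_second.items() if n >= burst_threshold},
        "sequential_ports": {
            k: sorted(p) == list(range(min(p), min(p) + len(p)))
            for k, p in sports.items() if len(p) > 1},
    }

if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    print(f"{result['records']} log lines -> {result['attempts']} connection attempts")
    for (ts, src, dst, dport), n in sorted(result["per_second"].items()):
        flag = "  <-- burst" if (ts, src, dst, dport) in result["bursts"] else ""
        print(f"{ts}  {src} -> {dst}:{dport}  {n} new connections/s{flag}")
    for (src, dst, dport), seq in result["sequential_ports"].items():
        if seq:
            print(f"{src} used consecutive source ports to {dst}:{dport}: one host "
                  "opening connection after connection, not spoofed sources")
```

Run against a longer export of the same log to see the real rate. On the 25 sample lines above the per-rule entries collapse to 7 connection attempts (4 in the first second, 3 in the next), all to 208.64.252.66:80 from one address with source ports 1929 through 1935 in order; the raw line count overstates the traffic by the number of rules the firewall evaluates per packet.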
Two further solutions are available to members only.
Come to think of it, could a faulty network card be the cause?  Could a network card just simply go haywire and make that many requests that quickly?
Another solution and the asker-certified solution are available to members only.
The best answers were to run software that monitors the connection (Ethereal, Sygate).  I gave more points to the Sygate suggestion because it's a little easier to understand and read a personal firewall than an analyzer like Ethereal.

Thanks to all who participated here!