I was just curiously checking my external firewall logs and saw a bunch of logs (~100) showing "syn flood TCP (L to W)" with the source-IP coming from the assigned IP given by the router to my computer (192.168.167.xxx) with different ports and the destination being some social-website similar to myspace with the port ending in :443.
I used ip-lookup.net and found it going to a social-networking site similar to myspace. My friends sometimes use the computer obviously for homework and I allow them to update their pages while browsing in "Private Browsing" in case they stumble upon malicious drive-by downloads. However, I have totally forbidden any downloads of any sort (no file-sharing, etc.).
The outbound "attacks" stopped (according to the time-logs) after they stopped using the social-website and I cleared virtual data.
What is happening? Am I bot-infected?
From what I gather from reading about what a "syn flood" is, it is basically the beginning of a DoS attack (denial of service) whereby your computer sends a Syn-packet to another server. The server replies with a Syn-Ack packet to acknowledge the receipt of the packet. Yet your computer does not respond with an Ack-packet to complete the connection (either maliciously or simply a delay in connections).
The other alternative I gathered from this is simply that the connection was severed/dropped/timed-out prior to this computer sending the Ack packet; thereby the external firewall registered it as being an attack due to the repetitions?
I was watching them and all web browsing was done using ZA Forcefield in Private Browsing mode (with protection always active).
ZoneAlarm ISS logs show nothing during the ~30-40 minutes that those events occurred.
Message Edited by riceorony on 07-22-2008 09:09 AM
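
Added example, not part of the original post and not the logic of any particular router or firewall: a sketch of a rate-based "syn flood" rule run over constructed client-side packets, showing how a browser that opens many connections to one :443 host can trip the rule even though every handshake completes. The window, threshold, ratio and all addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10      # assumed sliding window
SYN_THRESHOLD = 20       # assumed SYNs per window before the rule fires

def analyze(events):
    """events: time-ordered (time, src, sport, dst, dport, flags) client packets."""
    pending = {}                       # 4-tuple -> SYN time, awaiting client ACK
    recent = defaultdict(deque)        # pair -> SYN timestamps inside the window
    stats = defaultdict(lambda: {"syns": 0, "half_open": 0, "rate_alert": False})
    for t, src, sport, dst, dport, flags in events:
        pair = (src, dst, dport)
        conn = (src, sport, dst, dport)
        if flags == "S":               # client opens a connection
            pending[conn] = t
            stats[pair]["syns"] += 1
            q = recent[pair]
            q.append(t)
            while q and t - q[0] > WINDOW_SECONDS:
                q.popleft()
            if len(q) > SYN_THRESHOLD:
                stats[pair]["rate_alert"] = True
        elif flags == "A":             # client ACK completes the handshake
            pending.pop(conn, None)
    for src, sport, dst, dport in pending:   # SYNs that never got their ACK
        stats[(src, dst, dport)]["half_open"] += 1
    return dict(stats)

def verdict(entry, half_open_ratio=0.5):
    """Separate a busy-but-normal client from one leaving handshakes unfinished."""
    if not entry["rate_alert"]:
        return "normal"
    ratio = entry["half_open"] / entry["syns"]
    return "likely flood" if ratio >= half_open_ratio else "likely false positive"

def sample_events():
    """Constructed traffic: host .10 completes every handshake, host .20 never does."""
    ev = []
    for i in range(30):
        t = i * 0.2
        ev.append((t, "192.168.167.10", 50000 + i, "203.0.113.5", 443, "S"))
        ev.append((t + 0.05, "192.168.167.10", 50000 + i, "203.0.113.5", 443, "A"))
        ev.append((t, "192.168.167.20", 40000 + i, "203.0.113.5", 443, "S"))
    return sorted(ev)

if __name__ == "__main__":
    for pair, entry in analyze(sample_events()).items():
        print(pair, entry, verdict(entry))
```

Both constructed hosts trigger the rate alert; only the half-open count tells them apart, which is why a packet capture or connection table says more than the firewall's alert label alone.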