From: nhatphuc (nhatphuc@gmail.com)
Date: Wed Jun 18 2008 - 00:29:07 ART
Hi Group,
My Cisco Security Agent Management Center alerts on many SYN Flood Attacks from
IP addresses of my network ranges:

Alert for Front End Mail server

A potential SYN Flood attack is currently in progress. 11 unresponsive
connection attempts have been detected since the last notification. Source
addresses included x.x.x.x. Ports included TCP/10163.

A potential SYN Flood attack is currently in progress. 8 unresponsive
connection attempts have been detected since the last notification. Source
addresses included y.y.y.y. Ports included TCP/80.

A potential SYN Flood attack is currently in progress. 8 unresponsive
connection attempts have been detected since the last notification. Source
addresses included z.z.z.z. Ports included TCP/110.

A potential SYN Flood attack is currently in progress. 8 unresponsive
connection attempts have been detected since the last notification. Source
addresses included x.y.z.t. Ports included TCP/25

Alert for Front End DNS Server

A potential SYN Flood attack is currently in progress. 17 unresponsive
connection attempts have been detected since the last notification. Source
addresses included t.z.y.x. Ports included TCP/53.

A potential SYN Flood attack is currently in progress. 4 unresponsive
connection attempts have been detected since the last notification. Source
addresses included y.x.t.z. Ports included TCP/53.

A potential SYN Flood attack is currently in progress. 4 unresponsive
connection attempts have been detected since the last notification. Source
addresses included z.t.y.k. Ports included TCP/53.

I don't see any rule associated with these alerts.
Can you help me to stop this and trace the root of this problem?
Thanks
Phuc