"syn flood attack" How do I investigate this?
I have been reading many lines in my routers log saying "syn flood attack detected, packet dropped" No ip for the alleged attacker is displayed though. How do I know if this is a real attack and not a false positive, and more importantly, find out who is trying to attack me?
Does suse 9.3 contain any tools in it's firewall or elsewhere that can analize the traffic? Or are there programs I should download and install for this purpose? Thanks
|