what is this? my router intrusion detection output....
TCP SYN FLOOD attack 193.219.51.28 192.168.11.2 2005/06/14 13:08:03 - 2005/06/14 13:08:03 1
67.175.134.45 192.168.11.2 2005/06/14 13:08:02 - 2005/06/14 13:08:05 2 212.56.29.225 192.168.11.2 2005/06/14 13:07:59 - 2005/06/14 13:08:03 2 212.78.204.130 192.168.11.2 2005/06/14 13:07:58 - 2005/06/14 13:07:58 1 84.137.103.57 192.168.11.2 2005/06/14 13:07:54 - 2005/06/14 13:07:57 3 196.13.63.165 192.168.11.2 2005/06/14 13:07:52 - 2005/06/14 13:08:05 4 24.211.138.201 192.168.11.2 2005/06/14 13:07:48 - 2005/06/14 13:07:57 4 68.188.178.210 192.168.11.2 2005/06/14 13:07:47 - 2005/06/14 13:07:49 2 85.76.161.72 192.168.11.2 2005/06/14 13:07:43 - 2005/06/14 13:07:43 1 152.1.96.57 192.168.11.2 2005/06/14 13:07:41 - 2005/06/14 13:08:03 5 84.159.133.76 192.168.11.2 2005/06/14 13:07:40 - 2005/06/14 13:07:40 1 62.57.106.24 61.238.68.250 2005/06/14 13:07:36 - 2005/06/14 13:07:36 1 66.11.182.91 192.168.11.2 2005/06/14 13:07:32 - 2005/06/14 13:07:32 1 84.163.19.65 192.168.11.2 2005/06/14 13:07:32 - 2005/06/14 13:07:39 2 do i need to do something? (like setting up a firewall?) |
Nice. I suppose that only happens on your Hong Kong gigabit lan hey!?
Your router probably has a firewall already, hence the output. It may be set over-sensitive, with so many different sources listed... Maybe just a false alarm. |
yeah, agree with the above post, probably just a fly-by syn probe... keep an eye on your logs and maybe set the firewall to ignore syn floods.
|
All times are GMT -5. The time now is 06:23 AM. |