HELP -- DoS.Generic.SYNFlood! What the heck is this??

[m021478]

I was downloading a torrent file this evening (a legal one, of course), and all of a sudden my Kaspersky Internet Security 7 software repeatedly informed me of the following type of 'attack':

Quote:

DoS.Generic.SYNFlood! Attacker IP address: 203.63.45.51. Protocol/service: TCP on local port 55256. Time: 6/25/2008 11:46:46 PM

DoS.Generic.SYNFlood! Attacker IP address: 99.241.140.109. Protocol/service: TCP on local port 55256. Time: 6/25/2008 11:46:46 PM

DoS.Generic.SYNFlood! Attacker IP address: 78.86.222.134. Protocol/service: TCP on local port 55256. Time: 6/25/2008 11:46:46 PM

I figured it had something to do with my torrent being downloaded so I promptly quit uTorrent, yet I was still receiving the attack notification via KIS7...In a panic I shutdown my computer as quickly as possible, waited several hours before switching it back on again, and now that I am up and running again, I am not getting the attack notification message any more...

I got about 100 of these in a couple minutes time...I also noticed the following, single entry in KAS7's log file which occurred right in the middle of the 100 notifications cited above:

Quote:

Process (PID 1076) tried to access Kaspersky Internet Security process (PID 552), but the action has been blocked by the Self-Defense component. No action on your part is required.

Perhaps the reason why I am no longer receiving this attack notification may have something to do with shutting down my machine, but if you look at the first set of attack notifications above, you'll note that it says, "TCP on local port 55256"...55256 is the port in my firewall that I had opened for uTorrent so that it could effectively communicate with the tracker servers...this really freaked me out, and I have yet to reopen that port on my firewall for fear that I will once come under attack...

I have absolutely no idea whatsoever what the error notifications above are in reference to, if it's something serious that I should somehow protect against, or fix, or block, or whatever...My point here is that I do not have 100% piece of mind regarding my online security when using my computer now...

Can someone help explain to me:

• What happened? Should I be concerned, or is this more of a generic event?
• Is there is anything I should do about it at this point?
• Is it safe to reopen ports on my router (and if it would be advisable to pick different ports if I do reopen ports)?
• Should I trash all of the torrents I am in the process of downloading (which are currently paused in my queue) prior to opening any ports?
• Is there anything I can do to protect myself against such attacks in the future, aside from continuing to run KIS7 (and let's just skip the part where you tell me not to use bittorrent anymore)...

Any suggestions would be greatly appreciated... Thanks!

[chaslang]

When you use torrent or P2P downloading programs, you also share various files and folders on your hard disk with the whole world. While you were downloading, otheres were trying to upload from you. Thus you open the door for potential problems which is why we don't recommend using any of these programs. In fact, many malware removal forums will not even help you removal malware unless all programs like this are first removed.

When you stop your download, you more than likely did not stop the execution of your torrent program itself. Thus the ports being used to transmit and receive were still open. When you rebooted, the program was no longer running thus the ports were not open and your messages stopped.

We cannot skip this part as it is too important. Your best protection is to not use these kind of programs. Also you should read and apply the guidelines given in the below:

How to Protect yourself from malware!

Final note: Please do not cross post to multiple websites. Post in one forum and wait for an answer. Resources in forums like this are spread too thin and you are causing multiple helpers to spend time on this.