MajorGeeks Support Forums

  #1  
Old 06-26-08, 03:56
m021478
Private E-2
Join Date: Jan 2008
Posts: 5
HELP -- DoS.Generic.SYNFlood! What the heck is this??

I was downloading a torrent file this evening (a legal one, of course), and all of a sudden my Kaspersky Internet Security 7 software repeatedly informed me of the following type of 'attack':

Quote:
DoS.Generic.SYNFlood! Attacker IP address: 203.63.45.51. Protocol/service: TCP on local port 55256. Time: 6/25/2008 11:46:46 PM

DoS.Generic.SYNFlood! Attacker IP address: 99.241.140.109. Protocol/service: TCP on local port 55256. Time: 6/25/2008 11:46:46 PM

DoS.Generic.SYNFlood! Attacker IP address: 78.86.222.134. Protocol/service: TCP on local port 55256. Time: 6/25/2008 11:46:46 PM

I figured it had something to do with my torrent being downloaded so I promptly quit uTorrent, yet I was still receiving the attack notification via KIS7... In a panic I shut down my computer as quickly as possible, waited several hours before switching it back on again, and now that I am up and running again, I am not getting the attack notification message any more...

I got about 100 of these in a couple of minutes' time... I also noticed the following, single entry in KAS7's log file which occurred right in the middle of the 100 notifications cited above:

Quote:
Process (PID 1076) tried to access Kaspersky Internet Security process (PID 552), but the action has been blocked by the Self-Defense component. No action on your part is required.

Perhaps the reason why I am no longer receiving this attack notification may have something to do with shutting down my machine, but if you look at the first set of attack notifications above, you'll note that it says, "TCP on local port 55256"... 55256 is the port in my firewall that I had opened for uTorrent so that it could effectively communicate with the tracker servers... this really freaked me out, and I have yet to reopen that port on my firewall for fear that I will once again come under attack...

I have absolutely no idea whatsoever what the error notifications above are in reference to, if it's something serious that I should somehow protect against, or fix, or block, or whatever... My point here is that I do not have 100% peace of mind regarding my online security when using my computer now...

Can someone help explain to me:
  • What happened? Should I be concerned, or is this more of a generic event?
  • Is there anything I should do about it at this point?
  • Is it safe to reopen ports on my router (and if it would be advisable to pick different ports if I do reopen ports)?
  • Should I trash all of the torrents I am in the process of downloading (which are currently paused in my queue) prior to opening any ports?
  • Is there anything I can do to protect myself against such attacks in the future, aside from continuing to run KIS7 (and let's just skip the part where you tell me not to use bittorrent anymore)...

Any suggestions would be greatly appreciated... Thanks!
  #2  
Old 06-26-08, 13:35
chaslang
MajorGeeks Admin - Master Malware Expert
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,123
Re: HELP -- DoS.Generic.SYNFlood! What the heck is this??

When you use torrent or P2P downloading programs, you also share various files and folders on your hard disk with the whole world. While you were downloading, others were trying to upload from you. Thus you open the door for potential problems which is why we don't recommend using any of these programs. In fact, many malware removal forums will not even help you remove malware unless all programs like this are first removed.

When you stop your download, you more than likely did not stop the execution of your torrent program itself. Thus the ports being used to transmit and receive were still open. When you rebooted, the program was no longer running thus the ports were not open and your messages stopped.

We cannot skip this part as it is too important. Your best protection is to not use these kinds of programs. Also you should read and apply the guidelines given below:

How to Protect yourself from malware!

Final note: Please do not cross post to multiple websites. Post in one forum and wait for an answer. Resources in forums like this are spread too thin and you are causing multiple helpers to spend time on this.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


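An added example (not from either poster or from Kaspersky): a small Python parser for alert lines in the format quoted in the first post. It groups alerts by local port and reports how many distinct sources hit each port and whether that port is one that was deliberately forwarded, such as the 55256 opened for uTorrent. The fourth sample line and the `app_ports` mapping are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Three alert lines from the thread plus one constructed line (192.0.2.10,
# port 445) on a port the user did not open, for contrast.
SAMPLE = """\
DoS.Generic.SYNFlood! Attacker IP address: 203.63.45.51. Protocol/service: TCP on local port 55256. Time: 6/25/2008 11:46:46 PM
DoS.Generic.SYNFlood! Attacker IP address: 99.241.140.109. Protocol/service: TCP on local port 55256. Time: 6/25/2008 11:46:46 PM
DoS.Generic.SYNFlood! Attacker IP address: 78.86.222.134. Protocol/service: TCP on local port 55256. Time: 6/25/2008 11:46:46 PM
DoS.Generic.SYNFlood! Attacker IP address: 192.0.2.10. Protocol/service: TCP on local port 445. Time: 6/25/2008 11:47:02 PM
"""

ALERT = re.compile(
    r"(?P<sig>\S+)! Attacker IP address: (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\. "
    r"Protocol/service: (?P<proto>\w+) on local port (?P<port>\d+)\. "
    r"Time: (?P<time>.+)$"
)

def parse_alerts(text):
    """Return one dict per recognised alert line; other lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT.match(line.strip())
        if m:
            alerts.append({
                "sig": m["sig"], "ip": m["ip"], "proto": m["proto"],
                "port": int(m["port"]),
                "time": datetime.strptime(m["time"], "%m/%d/%Y %I:%M:%S %p"),
            })
    return alerts

def summarize_by_port(alerts, app_ports):
    """Group alerts by local port. app_ports maps ports the user forwarded
    on purpose to the application using them (assumed, user-supplied)."""
    groups = defaultdict(list)
    for a in alerts:
        groups[a["port"]].append(a)
    summary = {}
    for port, items in groups.items():
        times = [a["time"] for a in items]
        summary[port] = {
            "alerts": len(items),
            "distinct_sources": len({a["ip"] for a in items}),
            "span_seconds": (max(times) - min(times)).total_seconds(),
            "forwarded_for": app_ports.get(port),  # None: not a port you opened
        }
    return summary

if __name__ == "__main__":
    for port, info in summarize_by_port(parse_alerts(SAMPLE), {55256: "uTorrent"}).items():
        print(port, info)
```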
All times are GMT -5.