Author Topic: Skuzzy can you explain this to me?  (Read 445 times)

Offline straffo

« on: October 04, 2004, 03:37:34 PM »

[04/Oct/2004 21:44:29] Rule 'TCP ack packet attack': Blocked: In TCP, alt.flyaceshigh.com [216.91.192.19:3002]->localhost:1486, Owner: no owner
[04/Oct/2004 21:44:46] Rule 'TCP ack packet attack': Blocked: In TCP, alt.flyaceshigh.com [216.91.192.19:3002]->localhost:1486, Owner: no owner
[04/Oct/2004 21:45:20] Rule 'TCP ack packet attack': Blocked: In TCP, alt.flyaceshigh.com [216.91.192.19:3002]->localhost:1486, Owner: no owner
[04/Oct/2004 21:46:20] Rule 'TCP ack packet attack': Blocked: In TCP, alt.flyaceshigh.com [216.91.192.19:3002]->localhost:1486, Owner: no owner
[04/Oct/2004 21:47:20] Rule 'TCP ack packet attack': Blocked: In TCP, alt.flyaceshigh.com [216.91.192.19:3002]->localhost:1486, Owner: no owner


Did I fubar the configuration of my firewall?

Offline Skuzzy

« Reply #1 on: October 04, 2004, 03:50:41 PM »
That looks like a login for Aces High.  What were you doing when it happened?
Roy "Skuzzy" Neese
support@hitechcreations.com

Offline straffo

« Reply #2 on: October 04, 2004, 03:54:48 PM »
That's probably that; I had to shut down my connection several times to get one IP not "eMule/Kazaa" porked.

I'll clear the log and retry logging in to AH to check.

Offline straffo

« Reply #3 on: October 04, 2004, 04:04:16 PM »
Got the same message

[04/Oct/2004 23:06:16] Rule 'TCP ack packet attack': Blocked: In TCP, 216.91.187.39:2001->localhost:1620, Owner: no owner

But only after 3 logins (sorry for the added stress on your server ;))

And btw I'm using a pretty old version of Kerio firewall.

Isn't this just a timed-out packet?
I'm thinking of this because it's an ack (for acknowledgement?) packet.
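
An added example (not part of the thread, and not Kerio's own tooling): a small triage script over the log lines posted above, assuming the log format exactly as it appears in this thread. It groups blocked packets by flow and measures the gaps between them; the rule that at least two non-shrinking gaps count as a backoff-like pattern (the kind a peer retransmitting to a socket that no longer exists would produce, i.e. the "timed out packet" reading in the post above) is a heuristic chosen for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the posts in this thread (format as shown there).
LOG = """\
[04/Oct/2004 21:44:29] Rule 'TCP ack packet attack': Blocked: In TCP, alt.flyaceshigh.com [216.91.192.19:3002]->localhost:1486, Owner: no owner
[04/Oct/2004 21:44:46] Rule 'TCP ack packet attack': Blocked: In TCP, alt.flyaceshigh.com [216.91.192.19:3002]->localhost:1486, Owner: no owner
[04/Oct/2004 21:45:20] Rule 'TCP ack packet attack': Blocked: In TCP, alt.flyaceshigh.com [216.91.192.19:3002]->localhost:1486, Owner: no owner
[04/Oct/2004 21:46:20] Rule 'TCP ack packet attack': Blocked: In TCP, alt.flyaceshigh.com [216.91.192.19:3002]->localhost:1486, Owner: no owner
[04/Oct/2004 21:47:20] Rule 'TCP ack packet attack': Blocked: In TCP, alt.flyaceshigh.com [216.91.192.19:3002]->localhost:1486, Owner: no owner
[04/Oct/2004 23:06:16] Rule 'TCP ack packet attack': Blocked: In TCP, 216.91.187.39:2001->localhost:1620, Owner: no owner
"""

# The source may appear as "host [ip:port]" or as a bare "ip:port".
LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\] Rule '(?P<rule>[^']+)': Blocked: In TCP, "
    r"(?:\S+ \[)?(?P<src>[\d.]+):(?P<sport>\d+)\]?->"
    r"(?P<dst>[^:]+):(?P<dport>\d+), Owner: (?P<owner>.+)$"
)

def parse(text):
    """Yield (timestamp, flow, owner) for every line that matches the format."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y %H:%M:%S")
            flow = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
            yield ts, flow, m["owner"]

def gaps_by_flow(text):
    """Map each flow to the gaps, in seconds, between its blocked packets."""
    seen = defaultdict(list)
    for ts, flow, _owner in parse(text):
        seen[flow].append(ts)
    return {
        flow: [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        for flow, times in ((f, sorted(t)) for f, t in seen.items())
    }

def looks_like_retransmission(gaps):
    """Heuristic (assumption of this example): at least two gaps, none shrinking."""
    return len(gaps) >= 2 and all(b >= a for a, b in zip(gaps, gaps[1:]))

if __name__ == "__main__":
    for flow, gaps in gaps_by_flow(LOG).items():
        verdict = "backoff-like" if looks_like_retransmission(gaps) else "no backoff pattern"
        print(flow, gaps, verdict)
```

A single blocked packet, like the 23:06:16 entry, yields no gaps, so the heuristic says nothing about it either way.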

Offline Skuzzy

« Reply #4 on: October 04, 2004, 04:12:57 PM »
Not sure why it is reporting an 'ack' attack.  For some reason the firewall appears to think it is something along the lines of a SYN attack.
Roy "Skuzzy" Neese
support@hitechcreations.com

Offline straffo

« Reply #5 on: October 04, 2004, 04:17:47 PM »
It's perhaps just a bit paranoid :)

Btw, which firewall has your preference for a user like me? (I won't play Dr Frankenstein with an old PC to put Linux on it :))

I'm considering changing but I don't know if I should get a modem/router with integrated firewall or a software FW ...

Offline Skuzzy

« Reply #6 on: October 04, 2004, 04:30:40 PM »
I cannot really make any recommendations, straffo.  I do not care for any of them.  I run an external firewall I built.
Roy "Skuzzy" Neese
support@hitechcreations.com

Offline straffo

« Reply #7 on: October 05, 2004, 07:24:22 AM »
You built your own?
Can I call you Dr Skuzzystein now? :)

Offline FOGOLD

« Reply #8 on: October 05, 2004, 08:47:27 AM »
Straffo

I use Trend Micro Internet security and with the firewall set to default internet browsing I've had no problems with AH or any other programme. My PC is invisible to Shields Up and I think you could do worse.

You're never completely safe of course.

The biggest hassle for a firewall is tweaking it for LAN functionality.  Easiest way for that is to pull the plug out on the phone line! :D