I have an SMC Barricade model SMC7008ABR router. When checking the logs I periodically get warnings of “**SYN Flood to Host** 192.168.2.xxx, xxxx->> xxx.xxx.xxx.xx, xxxx (from WAN Outbound)”. The originating address is from 2 of the computers on my home network. The destination IP changes as shown in the excerpt of my router log.
02/03/2008 12:16:09 192.168.2.101 login success
02/03/2008 10:51:21 NTP Date/Time updated
02/03/2008 04:51:21 NTP Date/Time updated
02/02/2008 22:51:21 NTP Date/Time updated
02/02/2008 20:12:34 **SYN Flood to Host** 192.168.2.101, 3350->> 66.165.186.98, 80 (from WAN Outbound)
02/02/2008 20:05:10 **SYN Flood to Host** 192.168.2.101, 4725->> 208.122.223.21, 80 (from WAN Outbound)
02/02/2008 19:29:34 **SYN Flood to Host** 192.168.2.101, 4941->> 213.189.18.86, 80 (from WAN Outbound)
My concern is the “from OUTBOUND WAN”, I assume this means that I have out going traffic that hopefully the router stopping. Is that assumption correct and if so how can I locate and kill the cause of this message?
I regularly use Sypbot, Adaware SE+, and AVG to control the bad things on both machines and the router’s firewall is on. The OSs are W2K Pro & Vista Home Premium. Browsers are Firefox, set to clear everything on close, and MS IE, used mainly on the Vista machine.
My searches have provided a lot of info on what a “SYN Flood” is but, I have been unable to find anything that tells me how to locate and remove the cause from may system. Let me know what more information I need to supply or if any one can shed some light on a “cure” for this.
Old Dog, in need of new tricks!
Can I stop "Syn Flood ** (from Outbound WAN)?
-
Old Dog 62
- New Member
- Posts: 3
- Joined: Sat Feb 02, 2008 10:55 am
-
Old Dog 62
- New Member
- Posts: 3
- Joined: Sat Feb 02, 2008 10:55 am
Thank you for the reply cchooper, you may have the answer. Since the original posting my cable company has been sold and is under new management. All of the IP addresses have changed and so far I have not had another occurrence of the warning. Time will tell. I’ll follow up with any changes.
Thanks again,
Old Dog 62, always looking for new tricks.
Thanks again,
Old Dog 62, always looking for new tricks.
-
Nobody
Solution
I have the same router (SMC Barricade 7008ABR) and I noticed I was getting these same "SYN Flood" messages in my log. Eventually I found the culprit -- in my case it was Google Maps. I've always had problems with maps never fully loading (lots of gray tiles) and I finally realized that the problem was the number of connections that Google Maps keeps open at once. The firewall thought they were a denial of service attack and was blocking them. I just increased the maximum number of connections allowed and the problem went away -- no more SYN Flood messages so far and Google Maps finally works.
The setting is called "Maximum incomplete TCP/UDP sessions number from same host" and is found under "Advanced Setup > Firewall > Intrusion Detection". I increased mine from 10 to 50 and it seems to be working well.
This problem has plagued me forever! I came across this thread in my search and wanted to post what I found in case it's helpful.
The setting is called "Maximum incomplete TCP/UDP sessions number from same host" and is found under "Advanced Setup > Firewall > Intrusion Detection". I increased mine from 10 to 50 and it seems to be working well.
This problem has plagued me forever! I came across this thread in my search and wanted to post what I found in case it's helpful.
Does anyone know how to fix this with a belkin router? I don't seem to have a setting with that granularity. Arg...Nobody wrote:I have the same router (SMC Barricade 7008ABR) and I noticed I was getting these same "SYN Flood" messages in my log. Eventually I found the culprit -- in my case it was Google Maps. I've always had problems with maps never fully loading (lots of gray tiles) and I finally realized that the problem was the number of connections that Google Maps keeps open at once. The firewall thought they were a denial of service attack and was blocking them. I just increased the maximum number of connections allowed and the problem went away -- no more SYN Flood messages so far and Google Maps finally works.
The setting is called "Maximum incomplete TCP/UDP sessions number from same host" and is found under "Advanced Setup > Firewall > Intrusion Detection". I increased mine from 10 to 50 and it seems to be working well.
This problem has plagued me forever! I came across this thread in my search and wanted to post what I found in case it's helpful.
Another happy person here. The default browser of my Galaxy SIII was making my crappy Philips router throw SYN flood errors, and webpages stopped loading halfway through. I set the above setting to 50 and now eveything is fast and smooth.
Just posting to mention that for Philips the setting is under security -> firewall -> intrusion detection
Just posting to mention that for Philips the setting is under security -> firewall -> intrusion detection