Outpost detected an RST attack....whatizit?

By foycur
Dec 31, 2005
  1. I got two RST attacks from different addresses and ->

    I'm just learning web security, I believe this is a DoS type attack? Does it mean that someone has gotten in, or that outpost blocked it? I tried doing some online research but didn't learn much. Should I block these IP addresses?
  2. vhunter

    vhunter TS Rookie Posts: 84

    Most likely, Outpost blocked it. Check your logs and look for the IPs to see what Outpost did. It probably wasn't a DoS attack, since you're on the Internet, but if it happens again, you may have a problem.
  3. jobeard

    jobeard TS Ambassador Posts: 8,945   +584

    Because a typical DoS attack uses a random IP as the source IP, it is likely that the source IP or machine (if it exists) will send a reset packet (RST /ACK) packet back to the server, saying it did not make the connection request. What happens even more often is that the IP address will not exist (because it is a random number); the server will keep trying to initiate a connection by resending SYN/ACK and then RST/ACK (because it didn't get any ACK back) packets back to the bogus source IP address.

    All this creates incomplete or half-open connections, which is why we need to time-out these connections by creating a value called SynAttackProtect.

    To create the SynAttackProtect value, right-click in the right-hand pane of the Registry Editor and select New > DWORD Value. You should see the same default value name assigned to this value called New Value #1, ...

    google for SynAttackProtect registry setting
Topic Status:
Not open for further replies.

Similar Topics

Create an account or login to comment

You need to be a member in order to leave a comment
TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...

Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.