TechSpot

Outpost detected an RST attack....whatizit?

By foycur
Dec 31, 2005
Topic Status:
Not open for further replies.
  1. I got two RST attacks from different addresses

    80.218.71.241 and 208.0.107.138 -> 208.0.107.138

    I'm just learning web security, I believe this is a DoS type attack? Does it mean that someone has gotten in, or that outpost blocked it? I tried doing some online research but didn't learn much. Should I block these IP addresses?
  2. vhunter

    vhunter Newcomer, in training Posts: 89

    Most likely, Outpost blocked it. Check your logs and look for the IPs to see what Outpost did. It probably wasn't a DoS attack, since you're on the Internet, but if it happens again, you may have a problem.
  3. jobeard

    jobeard TS Ambassador Posts: 13,368   +302

    Because a typical DoS attack uses a random IP as the source IP, it is likely that the source IP or machine (if it exists) will send a reset packet (RST /ACK) packet back to the server, saying it did not make the connection request. What happens even more often is that the IP address will not exist (because it is a random number); the server will keep trying to initiate a connection by resending SYN/ACK and then RST/ACK (because it didn't get any ACK back) packets back to the bogus source IP address.

    All this creates incomplete or half-open connections, which is why we need to time-out these connections by creating a value called SynAttackProtect.

    To create the SynAttackProtect value, right-click in the right-hand pane of the Registry Editor and select New > DWORD Value. You should see the same default value name assigned to this value called New Value #1, ...

    google for SynAttackProtect registry setting
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.