someone is syn flooding clients | Bitcointalksearch.org

bitcoinBull

legendary

Activity: 826

Merit: 1001

rippleFanatic

Quote from: JoelKatz on June 22, 2011, 08:18:28 PM

Quote from: NghtRppr on June 22, 2011, 05:37:22 PM

I recently launched the client on my school's network and I got a bunch of syn flood attack warnings.

If it goes away in a few minutes, it's probably completely normal. The client wants to be well-connected as quickly as possible and this may set off attack warnings on some systems.

If someone has a chance, it would be helpful to run the client on a machine that is monitored for traffic and connection volume. At least count SYNs to the bitcoin port. Ideally, use the IP for nothing else for awhile and log *all* traffic to it to see if you get probes, attack attempts, and the like. Post your summarized statistical results so we can have a baseline for what's normal. If nobody else does this, I'll try to do it myself tomorrow sometime.

Would be quite helpful if somebody(s) set up several honeypots and left them connected to the network, reporting the results periodically. There are downloadable honeypot configurations that should make this easy enough.

JoelKatz

legendary

Activity: 1596

Merit: 1012

Democracy is vulnerable to a 51% attack.

Quote from: NghtRppr on June 22, 2011, 05:37:22 PM

I recently launched the client on my school's network and I got a bunch of syn flood attack warnings.

If it goes away in a few minutes, it's probably completely normal. The client wants to be well-connected as quickly as possible and this may set off attack warnings on some systems.

If someone has a chance, it would be helpful to run the client on a machine that is monitored for traffic and connection volume. At least count SYNs to the bitcoin port. Ideally, use the IP for nothing else for awhile and log *all* traffic to it to see if you get probes, attack attempts, and the like. Post your summarized statistical results so we can have a baseline for what's normal. If nobody else does this, I'll try to do it myself tomorrow sometime.

zer0

sr. member

Activity: 350

Merit: 250

i run bitcoind over Tor seems the best way to prevent floods or somebody finding it

phorensic

hero member

Activity: 630

Merit: 500

I would say it's the p2p nature of the client downloading blocks that is setting off your firewall. It will use a lot of connections if you let it run for a while.

btc_man

newbie

Activity: 13

Merit: 0

are they to/from an ip you know?

NghtRppr

sr. member

Activity: 504

Merit: 252

Elder Crypto God

Quote from: ius on June 22, 2011, 05:40:20 PM

And you're absolutely sure it isn't due to the multitude of peers trying to connect to you? Wink

It's never triggered it before but no I'm not sure.

ius

newbie

Activity: 56

Merit: 0

And you're absolutely sure it isn't due to the multitude of peers trying to connect to you? Wink

NghtRppr

sr. member

Activity: 504

Merit: 252

Elder Crypto God

I recently launched the client on my school's network and I got a bunch of syn flood attack warnings.

Topic: someone is syn flooding clients (Read 2062 times)