I've noticed that pretty regularly my firewall is blocking what it's calling SYN-FLOODS, 50 at a time, originating from my tor relay:
02-26-2011 09:09:41 Daemon.Debug ROUTER kernel: [2011 Feb 26 09:09:33] FVS338 SYN-FLOOD IN=LAN OUT=WAN SRC=192.168.1.5(FALCON) DST=85.78.242.156(unresolved) PROTO=TCP SPT=63848 DPT=23 02-26-2011 09:09:41 Daemon.Debug ROUTER kernel: [2011 Feb 26 09:09:33] FVS338 SYN-FLOOD IN=LAN OUT=WAN SRC=192.168.1.5(FALCON) DST=31.92.154.101(unresolved) PROTO=TCP SPT=63820 DPT=443 02-26-2011 09:09:41 Daemon.Debug ROUTER kernel: [2011 Feb 26 09:09:33] FVS338 SYN-FLOOD IN=LAN OUT=WAN SRC=192.168.1.5(FALCON) DST=188.88.159.200(unresolved) PROTO=TCP SPT=63839 DPT=5060
Most of them are on port 23 or 443, some are on 5060 and the rest are on random ports. I have read that port 23 is for MIRC, and that "syn-floods" are part of the way it operates - could that be causing these errors? Is it removing some functionality of mirc that is important to it's operation? I'd feel better knowing my firewall is stopping these syn-floods before my ISP can see them, and knowing that the relay is still working optimally.
-Mike
tor-relays@lists.torproject.org