Blocked SYN floods? - tor-relays

26 Feb 2011


      I've noticed that pretty regularly my firewall is blocking what it's calling
SYN-FLOODS, 50 at a time, originating from my tor relay:
02-26-2011 09:09:41 Daemon.Debug ROUTER kernel: [2011 Feb 26 09:09:33]
FVS338 SYN-FLOOD  IN=LAN  OUT=WAN SRC=192.168.1.5(FALCON)
DST=85.78.242.156(unresolved) PROTO=TCP SPT=63848 DPT=23
02-26-2011 09:09:41 Daemon.Debug ROUTER kernel: [2011 Feb 26 09:09:33]
FVS338 SYN-FLOOD  IN=LAN  OUT=WAN SRC=192.168.1.5(FALCON)
DST=31.92.154.101(unresolved) PROTO=TCP SPT=63820 DPT=443
02-26-2011 09:09:41 Daemon.Debug ROUTER kernel: [2011 Feb 26 09:09:33]
FVS338 SYN-FLOOD  IN=LAN  OUT=WAN SRC=192.168.1.5(FALCON)
DST=188.88.159.200(unresolved) PROTO=TCP SPT=63839 DPT=5060
Most of them are on port 23 or 443, some are on 5060 and the rest are on
random ports. I have read that port 23 is for MIRC, and that "syn-floods"
are part of the way it operates - could that be causing these errors? Is it
removing some functionality of mirc that is important to it's operation? I'd
feel better knowing my firewall is stopping these syn-floods before my ISP
can see them, and knowing that the relay is still working optimally.
-Mike
-- 
TERMS OF USE. By reading this e-mail, you agree, on behalf of your employer,
to release me from all obligations and waivers arising from any and all
NON-NEGOTIATED agreements, terms-of-use, licenses, terms-of-service,
shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure,
non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have
entered into with your employer, its partners, licensors, agents and
assigns, in perpetuity, without prejudice to my ongoing rights and
privileges. You further represent that you have the authority to release me
from any BOGUS AGREEMENTS on behalf of your employer.