synattack

[EDIS]

what can I do if this(Technical Document # - 10271916) doesnt work or I cant find INETCFG.INI file? how can I stop the synattack?

windows xp pro ver2002 sp2

thank you in advance.


Technical Document # - 10271916
__________________________________________________ __________
Family: LAN
Product: TCP/IP
Release: 3.1, 4.0, 4.1
Syslevel:

Last Updated: 10/30/97
__________________________________________________ __________

TITLE

How to Protect Against SYNFLOOD or SYNATTACK

DESCRIPTION

During the past few years, there have been programs written to basically kill or shutdown a TCP/IP connection on a machine that is connected to
the internet. The end result of these programs is that your TCP/IP connection is disabled. This has been called by different names; for example,
Ping of Death, SYNFLOOD, and SYNATTACK.

Background Information:

In a normal TCP session, when you try to establish a TCP connection, the machine sends out a SYN flag to establish the connection; the receiving
machine then sends back a SYN/ACK, acknowledging the request and assigning a specific TCP port to that connection. If the sending machine agrees,
another ACK is sent to tell the receiving machine that it agrees to the connection (a three-way handshake).

During a SYNFLOOD or SYNATTACK, multiple SYN flags are sent out with an invalid return IP address. A machine receives these requests, sends a
SYN/ACK acknowledgement and assigns a TCP port to the connection. Since the return IP address was invalid, no return ACK is ever received, and
the TCP port is never released. The machine keeps attempting to acknowledge the invalid SYN flags, and eventually, all of the TCP ports on the
system are disabled, and the TCP connection is shut down.

RESOLUTION

To protect a TCP/IP 4.1 system:

The ability to protect against this type of attack is built in to TCP/IP 4.1. To enable this protection:

1. To GET the current status of the SYNATTACK parameter in the INETCFG.INI file,
go to an OS/2 command line and type:

INETCFG -G SYNATTACK, then press Enter.

2. By default, SYNATTACK is set to 0, which means OFF.

3. To SET the SYNATTACK parameter in the INETCFG.INI file to an ON state, (1),
type the following at an OS/2 command line:

INETCFG -S SYNATTACK 1

4. This new setting in TCP/IP 4.1 will now prevent the SYNATTACK from occurring.


To protect a TCP/IP 4.0 system (OS/2 Warp 4):

To add this protection to a TCP/IP 4.0 system;

1. Apply MPTS CSD (Corrective Service Diskettes) WR08415 or greater.

2. Apply the fix for APAR (Authorized Program Analysis Report) IC18755.

This APAR replaces the SOCKETS.SYS file and adds a new SYNDEF.EXE file,
which allows you to enable or disable the SYN defenses.
The following options are available for this program:

SYNDEF.EXE ON (enables SYN defenses)
SYNDEF.EXE OFF (disables SYN defenses)
SYNDEF.EXE -? (displays SYNDEF syntax)

Note: For earlier versions of TCP/IP, apply MPTS CSD WR08415 to update
the TCP/IP stack to 4.0, then continue with the steps to protect
TCP/IP 4.0 systems.



Document Info

Related Docs:


__________________________________________________ __________________________________________________ ______________________________
IBM disclaims all warranties, whether express or implied, including without limitation, warranties of fitness and merchantability with respect to the information in
this document. By furnishing this document, IBM grants no licenses to any related patents or copyrights. Copyright (c) 1994, 1996 IBM Corporation. Any trademarks
and product or brand names referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark
information.

[Monty007]

Hi, Im not sure why you are concerned about a synattack attack as this is related to older infections. All you should be doing is an upto date anti-virus and spyware suite on your PC such as AVG.

[EDIS]

I can explain it. My antivirus is brand new i bought it in the shop. nod32.

Synattack or FLOODING as we call it, is made to crash servers. Its made by a famous moder MrMedic who is a member of TKC Community, and he played Line of Sight - Vietnam long time ago, as i belong to that part of gamers who are still playing losv we got problem with this flooding mod, because nobody knows how to stop it.
As we had to deal with other his mods/cheats as "crasher" - to shut servers down then anti-crash patch showed up. Line of Sight - Vietnam is an old game and it was killed by MrMedic. He is gone for long time and will never come back but his mods left. We have to deal with that coz u never know which game is now on his list....he has a crew now...all that load of idiots are working to make our games filled of hacks.
Flooding has nothing to do with my antivirus. It can not harm my pc or files, it kicks all players out of server by making the packetloss scale to infinity.
I guess you all know how the crash works, its A BUFFER OVERRUN, when all you need to do is to type max quantity of letters in main chat or in pm and thats it server is crashed.
FLOODING is when a fake player(its a program actually) is connecting 1000 or more times without stopping, when finally Multiplayer log file gets filled of "MRMEDIC OWNS YOU"(or other text) server breaks down.
It works different bcoz you need to be connected to server if you want to crash it but you dont need to connect if you want flood it and thats how its working...fake player is being dropped from the server all the time without full connection thats how packetloss is growing to insane, that laggs a lot so you cant play even if you have a fast connecion and a new pc. All you can do is to wait till game breaks down. After it breaks down you can restart server but now your server breaks down much faster and flooding begins since you click "Host".
In sum case its updated crash just bcoz result is the same.

Line of Sight - Vietnam is an old and very simple game, thats why a solution how to flood server and how to make flooding stop has to be simple. This is a place where are many smart guys, so i thought you can help me to solve this case, that you got some medicine if you saw that flooding mod before

[EDIS]

This is a really short fragment of my server multiplayer log file, so you can see how it looks like...the fact that IP from which flood is being sent is banned has an effect - server gets flooded faster.

07/06/08 18:27:58 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
*EDIS*E*MAJ[5*]*(LTU)*: u can have a nade n shoot like its m21
07/06/08 18:28:04 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:05 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:05 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:05 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
*EVIL*E*SGT*(GBT)*: lol
07/06/08 18:28:06 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:08 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:08 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:08 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:08 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:08 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:08 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
*}}E-F{{*GoA*HaRleY*: omg
07/06/08 18:28:09 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:09 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:09 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:09 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:09 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:09 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
*EDIS*E*MAJ[5*]*(LTU)*: zoom works too
07/06/08 18:28:09 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:09 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:09 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:09 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:09 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:09 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:09 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:10 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:10 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:10 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:10 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:10 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:10 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:10 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:10 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:11 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:11 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:11 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:11 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:11 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:11 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:11 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:12 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:12 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:12 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:12 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:12 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:12 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:12 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:13 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:13 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:13 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:13 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:13 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:13 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!
07/06/08 18:28:13 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
07/06/08 18:28:13 <Network> Banned player from IP 72.68.195.20 attempted to join and was rejected.
LOS Player: #####################################......M.R.M.E .D.I.C OWNS YOU!