Well I had a Denial-of-Service flood attack today. I had a couple in the space of a few minutes. Comodo described it as ‘DDOS Attack (SYN Flood). Duration 20 seconds. # of parckets 89. # of attackers 263’, and reeled of a load of ip addresses. It then went into emergency mode. I noticed it when I couldn’t access the net and the lights on my router were going frantic, but I wasn’t downloading anything. I only chanced into the Comodo log and saw what was happening.
I immediately switched off the router and scanned my PC using Avast, Ad-Aware, Spyware terminator and Spybot, but it didn’t find anything.
The logged also stated that I had a number of high attacks involving svchost.exe
This has really worried me. Why has my computer been targeted and how has this happened. I thought DOS attacks were only targeted at big servers. Why was my PC targeted and whats the svchost problems?
I was using uTorrent at the time, could this have caused a problem?
I think (S), hopefully.
This is most likely the reason. Even after you shut it down, the uTorrent process keeps running for some time. This is also why your lights on your router went haywire. The SYN error messages are also normal.
I’m not saying you didn’t have a real DDOS, as it has been known to target P2P and torrent users. I just want to let you know that using torrents can result in odd behavior, and can be mistaken as inbound attacks by your firewall sometimes.
You did the right thing, and you probably did save yourself from something malicious.
As for the attack involving svchost.exe I can’t say. I’d need to see your logs first 
How can I show you my logs? Since I’ve been back at my PC after watching something on TV I’ve had 2 more ‘high’ svchost.exe logs recorded, basically straight after I turned my router on. Could this be windows confusing comodo?
Go to your log and right-click in the logs window. Chose “Export HTML…”, then copy and paste it here. Please remove all NetBIOS broadcasts and anything you deem irrelevant
Ok thanks for this. Here are the high svchost.exe logs:
Date/Time :2007-03-12 20:48:20
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (svchost.exe:192.168.1.136: :1415)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: 192.168.1.136::1415
Date/Time :2007-03-12 20:48:20
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (svchost.exe:192.168.1.136: :ntp(123))
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: 192.168.1.136::ntp(123)
I’m also getting these as ‘High’ Logs:
Date/Time :2007-03-12 20:59:37
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Invalid Flag Combination)
Direction: TCP Incoming
Source: 74.104.82.226:24469
Destination: 192.168.1.136:2239
Reason: ACK FIN RST is an invalid TCP flag combination
Date/Time :2007-03-12 20:55:07
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Invalid Flag Combination)
Direction: TCP Incoming
Source: 74.104.82.226:24469
Destination: 192.168.1.136:1843
Reason: ACK FIN RST is an invalid TCP flag combination
I’ve got one port open on my router, which is set for U torrent. I’ve also created a static IP address so uTorrent works better (following these instructions - Setting a Static IP Address in Windows XP)
Should I be worried about these logs? I’m gonna do another scan tonight and see if my AV picks up anything.
Looking over your logs, I wouldn’t worry too much. It all looks like regular traffic and most of the hits in your log will be generated while using uTorrent. You’ll also see more of the Invalid Flag Combination entries while uTorrent is running. Most likely someone using a firewall like you, but without proper port forwarding etc.
Conclusion: Your network integrity are good for now
FYI.
Not sure what UDP 1415 is, but it looks harmless. NTP (UDP 123) are just your OS trying to synchronize it’s time and date with an NTP server (NTP=Network Time Protocol)