Hi all…
Notice I had a few Inbound Syn Ack alerts on my firewall logs. (See attached) can anyone explain what’s happened?
[attachment deleted by admin]
Hi all…
Notice I had a few Inbound Syn Ack alerts on my firewall logs. (See attached) can anyone explain what’s happened?
[attachment deleted by admin]
Not sure, as i think the SYN ACK is a server reply to your SYN (asking for webpages).
http://www.stillhq.com/extracted/article-shdns/tcp-handshake.png
Connection establishmentTo establish a connection, TCP uses a three-way handshake. Before a client attempts to connect with a server, the server must first bind to a port to open it up for connections: this is called a passive open. Once the passive open is established, a client may initiate an active open. To establish a connection, the three-way (or 3-step) handshake occurs:
- The active open is performed by the client sending a SYN to the server.
- In response, the server replies with a SYN-ACK.
- Finally the client sends an ACK back to the server.
At this point, both the client and server have received an acknowledgement of the connection.