Sufer :
ntadmin,
I was looking through the log on the Zyxel and saw that it is registering SYN FLOOD TCP ATTACK. I am definitely not a network expert but have tried googling but could not really get info on how to avoid it. I am certain I do not have a virus.
11/17/2009 14:00:06 VoIP Call Start Ph[1] -> xxxxxxxxxxxxTraffic Log
48 11/17/2009 13:50:49 syn flood TCP 192.168.1.35:49289 167.202.214.30:80 ATTACK
49 11/17/2009 13:30:21 syn flood TCP 192.168.1.36:53092 76.13.62.84:80 ATTACK
50 11/17/2009 13:30:21 syn flood TCP 192.168.1.36:53090 76.13.62.84:80 ATTACK
51 11/17/2009 13:30:21 syn flood TCP 192.168.1.36:53088 76.13.62.84:80 ATTACK
52 11/17/2009 13:30:21 syn flood TCP 192.168.1.36:53087 76.13.62.84:80 ATTACK
53 11/17/2009 13:19:18 VoIP Call End Phone[1] Traffic Log
54 11/17/2009 13:19:01 VoIP Call Established Ph[1] <- xxxxxxxxxxxxTraffic Log
55 11/17/2009 13:18:53 VoIP Call Start from SIP[2] Traffic Log
56 11/17/2009 12:56:14 VoIP Call End Phone[1] Traffic Log
57 11/17/2009 12:55:57 VoIP Call Established Ph[1] -> xxxxxxxxTraffic Log
58 11/17/2009 12:55:45 VoIP Call Start Ph[1] -> xxxxxxxxTraffic Log
59 11/17/2009 12:53:41 VoIP Call End Phone[1] Traffic Log
60 11/17/2009 12:53:40 VoIP Call Start Ph[1] -> xxxxxxxxxxTraffic Log
61 11/17/2009 12:53:05 VoIP Call End Phone[1] Traffic Log
62 11/17/2009 12:53:04 VoIP Call Start Ph[1] -> xxxxxxxxxxxxTraffic Log
63 11/17/2009 12:05:27 syn flood TCP 192.168.1.36:52143 89.255.60.42:80 ATTACK
64 11/17/2009 12:05:27 syn flood TCP 192.168.1.36:52156 89.255.60.42:80 ATTACK
65 11/17/2009 12:05:27 syn flood TCP 192.168.1.36:52154 89.255.60.42:80 ATTACK
66 11/17/2009 12:05:27 syn flood TCP 192.168.1.36:52152 89.255.60.42:80 ATTACK
67 11/17/2009 12:00:29 syn flood TCP 192.168.1.36:51679 62.221.199.24:443 ATTACK
68 11/17/2009 11:33:54 syn flood TCP 192.168.1.36:50598 217.175.244.140:80 ATTACK
69 11/17/2009 11:33:54 syn flood TCP 192.168.1.36:50595 217.175.244.140:80 ATTACK
70 11/17/2009 11:33:54 syn flood TCP 192.168.1.36:50594 217.175.244.140:80 ATTACK
71 11/17/2009 11:33:54 syn flood TCP 192.168.1.36:50592 217.175.244.140:80 ATTACK
Who on your network is 192.168.1.36? That machine is the origin of those syn flood packets.
Look at this:
49 11/17/2009 13:30:21 syn flood TCP 192.168.1.36:53092 76.13.62.84:80 ATTACK
That machine on your network is trying to attack Yahoo in this log entry.
192.168.1.36 opens up an outbound port of 53092 and sends its data off to a website (port 80) on 76.13.62.84.
Methinks you have a zombie in house, sir.
I need the exact model of that Zyxel or if you can provide me a link to admin guide. I searched their site and came up with nothing.
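Added example, not part of either poster's message and not ZyXEL code: a triage script that parses "syn flood" entries in the format shown in the log above and tallies them per internal source host, so the machine to inspect first stands out. The sample lines are a constructed excerpt copied from that log; the function names are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a few entries in the format shown in the log above.
SAMPLE_LOG = """\
48 11/17/2009 13:50:49 syn flood TCP 192.168.1.35:49289 167.202.214.30:80 ATTACK
49 11/17/2009 13:30:21 syn flood TCP 192.168.1.36:53092 76.13.62.84:80 ATTACK
50 11/17/2009 13:30:21 syn flood TCP 192.168.1.36:53090 76.13.62.84:80 ATTACK
53 11/17/2009 13:19:18 VoIP Call End Phone[1] Traffic Log
63 11/17/2009 12:05:27 syn flood TCP 192.168.1.36:52143 89.255.60.42:80 ATTACK
64 11/17/2009 12:05:27 syn flood TCP 192.168.1.36:52156 89.255.60.42:80 ATTACK
67 11/17/2009 12:00:29 syn flood TCP 192.168.1.36:51679 62.221.199.24:443 ATTACK
"""

# Optional row number, date, time, then internal source and remote destination.
LINE_RE = re.compile(
    r"^(?:\d+\s+)?(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"syn flood TCP (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) ATTACK\s*$"
)

def parse(log_text):
    """Return one dict per 'syn flood' entry; other entries (VoIP etc.) are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events

def summarize(events):
    """Per source host: entry count, distinct destinations, largest same-second burst."""
    per_src = defaultdict(lambda: {"total": 0, "dests": set(), "bursts": Counter()})
    for e in events:
        s = per_src[e["src"]]
        s["total"] += 1
        s["dests"].add(f'{e["dst"]}:{e["dport"]}')
        s["bursts"][(e["date"], e["time"], e["dst"])] += 1
    return {
        src: {"total": s["total"], "dests": sorted(s["dests"]),
              "max_burst": max(s["bursts"].values())}
        for src, s in per_src.items()
    }

if __name__ == "__main__":
    for src, info in sorted(summarize(parse(SAMPLE_LOG)).items(),
                            key=lambda kv: -kv[1]["total"]):
        print(f'{src}: {info["total"]} entries, max {info["max_burst"]} in one second, '
              f'destinations: {", ".join(info["dests"])}')
```

Paste the full router log in place of `SAMPLE_LOG` to rank every internal host that the router flagged.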