ManChicken's profile

Contributor


27 Messages

Monday, April 27th, 2020 3:00 PM

Seeing very slow SYN-flood type activity

In the last week or so I've been seeing a bunch of errant traffic on my two Comcast connections (one at home, one at work, but both business class) and am wondering if anyone else is seeing this or if it's just me for some reason. I see a bunch of connections in state SYN_RECV from various disparate yet similar netblocks; it's not a ton of connections at any given moment, and it's not with any pace, so I really don't know what to make of it:

 

# netstat -n --protocol=inet |grep SYN
tcp        0      0 173.160.x.x:80       109.88.186.145:28381    SYN_RECV
tcp        0      0 173.160.x.x:53       53.206.194.104:42980    SYN_RECV
tcp        0      0 173.160.x.x:53       53.228.214.130:3148     SYN_RECV
tcp        0      0 173.160.x.x:25       208.74.70.249:13021     SYN_RECV
tcp        0      0 173.160.x.x:25       208.211.199.80:29468    SYN_RECV
tcp        0      0 173.160.x.x:25       53.72.138.217:64219     SYN_RECV
tcp        0      0 173.160.x.x:443      208.216.27.153:46328    SYN_RECV
tcp        0      0 173.160.x.x:443      53.190.145.201:18095    SYN_RECV

They're almost certainly all spoofed; the last few days have been almost exclusively IPs in foreign countries, but today it's a lot of random US ones.


Is this a more widespread "attack" against random Comcast IPs, or is it just me being targeted by someone who doesn't really know what they're doing? Anyone else seeing this?
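
One way to tally half-open sockets from output like the netstat listing above, by local port and by remote /8, so repeated samples can be compared over time. This is an added example, not part of the original post: the function names and the /8 grouping are assumptions, and the sample reuses the post's lines plus one constructed ESTABLISHED line.

```python
import ipaddress
from collections import Counter

# Lines from the post (local address left redacted as posted), plus one
# constructed ESTABLISHED line to show that completed handshakes are ignored.
SAMPLE = """\
tcp        0      0 173.160.x.x:80       109.88.186.145:28381    SYN_RECV
tcp        0      0 173.160.x.x:53       53.206.194.104:42980    SYN_RECV
tcp        0      0 173.160.x.x:53       53.228.214.130:3148     SYN_RECV
tcp        0      0 173.160.x.x:25       208.74.70.249:13021     SYN_RECV
tcp        0      0 173.160.x.x:25       208.211.199.80:29468    SYN_RECV
tcp        0      0 173.160.x.x:25       53.72.138.217:64219     SYN_RECV
tcp        0      0 173.160.x.x:443      208.216.27.153:46328    SYN_RECV
tcp        0      0 173.160.x.x:443      53.190.145.201:18095    SYN_RECV
tcp        0      0 173.160.x.x:22       192.0.2.7:50000         ESTABLISHED
"""

def parse_half_open(text):
    """Yield (local_port, remote_ip) for each TCP socket in SYN_RECV."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue  # header, prompt, or non-TCP line
        if fields[5] != "SYN_RECV":
            continue
        try:
            # Only the port is taken from the local side, so a redacted
            # local address such as 173.160.x.x does not break parsing.
            local_port = int(fields[3].rsplit(":", 1)[1])
            remote_ip = ipaddress.ip_address(fields[4].rsplit(":", 1)[0])
        except (IndexError, ValueError):
            continue  # malformed address or port
        yield local_port, remote_ip

def summarize(text, prefix_len=8):
    """Count half-open sockets per local port and per remote netblock."""
    by_port, by_net = Counter(), Counter()
    for port, ip in parse_half_open(text):
        by_port[port] += 1
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        by_net[str(net)] += 1
    return by_port, by_net

if __name__ == "__main__":
    ports, nets = summarize(SAMPLE)
    print("by local port:", ports.most_common())
    print("by remote /8: ", nets.most_common())
```
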

Occasional Visitor


32 Messages

5 years ago

Hello, how are you? I hope your night is going very well. I am sorry this traffic and activity is affecting your account. This is a great place to get support because we are a dedicated team that will do everything possible to help with any concern. Are you able to send a private message so I can assist you further? If you can include your name, account number, and service address this will help me start working on your account.