
DNS Active: tcp sockets in SYN_RECV state

Elianni
Techie
Posts: 1
Hi, Best regards, we currently have problems with TCP connections in active DNS which are in SYN_RECV state. These connections could be passed to ESTABLISHED.

tcp 0 0 dnscan02.mnc004.mcc7:domain 186.166.144.150:15005 SYN_RECV
tcp 0 0 dnscan02.mnc004.mcc7:domain 186.166.144.153:15012 SYN_RECV
tcp 0 0 dnscan02.mnc004.mcc7:domain 186.166.144.148:15003 SYN_RECV

Re: DNS Active: tcp sockets in SYN_RECV state

TTiscareno
Community Manager
Posts: 361

The TCP state SYN_RECV indicates that a TCP handshake was started but never completed. You may need to review the connection from the system referenced and see if this might be due to an unstable/unreliable connection, a malicious (DoS) attempt or another system issue.

These should time out on their own, but if there are frequent TCP connections from the remote system (common for secondary name servers where frequent zone transfers occur), you may see these frequently appear in the connections table and it may seem like they're stale when in fact it is normal system activity. The name that resolved here looks like an internal one, so I would assume that this is normal and not something malicious, but traffic captures and system logs can be used to help verify what exactly is being sent back and forth.
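
One way to carry out the review suggested in the answer above, as an added example that is not part of the original thread: group the half-open sockets by remote host and check whether they come from a few peers or from many. The function names and the peer cut-off are assumptions; the first three sample lines are the ones posted in the question and the last two are constructed.

```shell
#!/bin/sh
# Triage SYN_RECV sockets from netstat-style lines read on stdin.
# Live use (assumed invocation): netstat -tan | synrecv_by_peer

# Print "<count> <remote-host> <local-endpoint>", highest count first.
synrecv_by_peer() {
    awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" {
             remote = $5
             sub(/:[0-9]+$/, "", remote)   # drop the ephemeral source port
             n[remote " " $4]++
         }
         END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# Print "<verdict> total=<n> peers=<n>".
# A few peers holding every half-open socket points at specific hosts or a
# lossy path worth a packet capture; many distinct peers is the pattern a
# SYN flood with varied source addresses produces.
# $1 is an assumed cut-off for "many" (default 20); tune it per server.
synrecv_triage() {
    peer_limit=${1:-20}
    awk -v limit="$peer_limit" '
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            r = $5
            sub(/:[0-9]+$/, "", r)
            if (!(r in seen)) { seen[r] = 1; peers++ }
            total++
        }
        END {
            if (total == 0)         verdict = "none"
            else if (peers > limit) verdict = "many-sources"
            else                    verdict = "few-sources"
            printf "%s total=%d peers=%d\n", verdict, total + 0, peers + 0
        }'
}

# Sample input: lines 1-3 are from the question, lines 4-5 are constructed.
SAMPLE='tcp 0 0 dnscan02.mnc004.mcc7:domain 186.166.144.150:15005 SYN_RECV
tcp 0 0 dnscan02.mnc004.mcc7:domain 186.166.144.153:15012 SYN_RECV
tcp 0 0 dnscan02.mnc004.mcc7:domain 186.166.144.148:15003 SYN_RECV
tcp 0 0 dnscan02.mnc004.mcc7:domain 186.166.144.150:15006 SYN_RECV
tcp 0 0 dnscan02.mnc004.mcc7:domain 192.0.2.10:40112 ESTABLISHED'

printf '%s\n' "$SAMPLE" | synrecv_by_peer
printf '%s\n' "$SAMPLE" | synrecv_triage
```

Running the two functions a few seconds apart shows whether the same source ports persist, which suggests the handshake is genuinely stuck, or are replaced by new ones, which suggests repeated short-lived attempts.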
