SYN_SENT and Connection not private?


Problem :

Okay so I was basically running a server on a domain, and this is the first time, but when I logged in on the website, Google Chrome gave me an error “Your connection is not private” and I couldn’t proceed to the next page. So I don’t know why but I ran CMD and typed in netstat -ano. And lots of IPs and stuff came up with “Established” and “Time_wait” etc. Then I scrolled down and saw this:

 TCP    [::1]:58109            [::1]:27275            SYN_SENT        6484
 TCP    [::1]:58110            [::1]:18821            SYN_SENT        6484
 TCP    [::1]:58111            [::1]:7754             SYN_SENT        6484
 TCP    [::1]:58112            [::1]:27275            SYN_SENT        6484
 TCP    [::1]:58113            [::1]:18821            SYN_SENT        6484
 TCP    [::1]:58114            [::1]:7754             SYN_SENT        6484

Now I’m not a so-called “PRO” when it comes to networking; I’ve heard a little about SYN flood though, but what could this mean? Could you please tell me the reason why this is happening and what it is? And how can I prevent this? If it helps, we’ve caught some IPs on our network that are not ours once. Please help, thanks.

Edit: The error Chrome gave me was “Your connection is not private, attackers might be trying to steal your information from (Example password, mails and credit card information)”. And I can’t proceed because the website is using some kind of HSTS, it says.

Solution :

“So I don’t know why but I ran CMD and typed in netstat -ano”

I highly doubt you just happened to randomly mash on the keyboard and type out a useful networking command, but anyways, you should get out of the habit of running commands you don’t understand.

Any time you make a TCP connection (for instance, visiting a website), the connection process goes through SYN to SYN/ACK to ACK. I would not be worried about half a dozen SYNs; that’s probably just part of normal operations.

HTTPS is a protocol that, among other things, ensures that you are communicating with the server that you think you are. Since plain old HTTP does not provide this guarantee, website operators can use a technique called HSTS to inform your browser that it should never make HTTP connections to their site, but only HTTPS, and additionally to only allow HTTPS connections that are able to successfully prove they belong to the website operator.

Chrome is telling you that the server you’re connecting to cannot successfully prove that it’s owned by the people who should be running it, and therefore will not continue to the site. This is to protect you from a man-in-the-middle (MitM) attack in which an attacker pretends to be the site and steals your credentials.

The most common reason for these messages is that you’re on a captive Wi-Fi portal that’s requiring you to sign in first before browsing the web. If this is not the case (you can browse other pages successfully), then you should contact the operators of that server to let them know what you’re experiencing, and they can determine if it’s a problem on their end or an issue with your network.
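
An added example, not part of the original question or answer: a small parser that groups `netstat -ano` TCP rows by state and owning PID and reports whether the remote endpoints are loopback addresses (`[::1]` is the local machine). The sample input is the rows quoted in the question plus one constructed row; the function names are this example's own.

```python
import ipaddress
from collections import defaultdict

# Sample input: the six rows quoted in the question, plus one constructed
# ESTABLISHED row (192.0.2.x / 198.51.100.x are documentation address ranges).
SAMPLE = """\
  TCP    [::1]:58109            [::1]:27275            SYN_SENT        6484
  TCP    [::1]:58110            [::1]:18821            SYN_SENT        6484
  TCP    [::1]:58111            [::1]:7754             SYN_SENT        6484
  TCP    [::1]:58112            [::1]:27275            SYN_SENT        6484
  TCP    [::1]:58113            [::1]:18821            SYN_SENT        6484
  TCP    [::1]:58114            [::1]:7754             SYN_SENT        6484
  TCP    192.0.2.10:50500       198.51.100.7:443       ESTABLISHED     1220
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any zone id
    return ipaddress.ip_address(host), int(port)

def parse_netstat(text):
    """Yield one dict per TCP row of `netstat -ano` output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # column headers, UDP rows, blank lines
        try:
            yield {"local": split_endpoint(fields[1]),
                   "remote": split_endpoint(fields[2]),
                   "state": fields[3], "pid": int(fields[4])}
        except ValueError:
            continue  # row that does not parse as address/port/PID

def summarize_state(rows, state="SYN_SENT"):
    """Group rows in `state` by PID: count, remote ports, loopback-only flag."""
    summary = defaultdict(lambda: {"count": 0, "ports": set(), "loopback_only": True})
    for row in rows:
        if row["state"] != state:
            continue
        entry = summary[row["pid"]]
        entry["count"] += 1
        entry["ports"].add(row["remote"][1])
        entry["loopback_only"] &= row["remote"][0].is_loopback
    return dict(summary)

if __name__ == "__main__":
    for pid, info in summarize_state(parse_netstat(SAMPLE)).items():
        print(pid, info["count"], sorted(info["ports"]), info["loopback_only"])
```

On Windows, `tasklist /FI "PID eq 6484"` shows which program owns the PID reported in the last column.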
