Hi Rich,
here's an explanation of the trojan called Shaft Synflood:
Shaft
Aliases:
Ports: 22, 5002, 18753 (UDP), 20432, 20433 (UDP)
Files:
  idle - 28,969 bytes
  tcp.log - ??? bytes
  pp.pl - 2,795 bytes
  sniff.pid - 6 bytes
  s - 7,654 bytes
  chattr - 7,656 bytes
  vi - 437,428 bytes
  tcsh - 262,756 bytes
  ps - 31,312 bytes
  shaftmaster - 25,123 bytes
  shaftnode - 15,184 bytes
  shaftnode.c - 19,806 bytes
  hitlist - ??? bytes
Created: Oct 1998
Requires:
Actions: Distributed DoS tool / Steals passwords
Is able to either send UDP, TCP or ICMP floods, or all three at the same time.
Versions:
Registers:
Notes: Works on Unix.
Country:
Program: Written in C.
Hope you use this info well. You might want to check out www.thepublicworks.com for more info; in their security section, click on Simovits Consulting and trojan removal for some info on trojans.
good luck,
murve