TCP FIN Scan SonicWall

From: T J Baden (tjbaden@tsrnet.net)
Date: 05/24/02

• Next message: : "Re: Attention All Network Engineers and Consultants!!"
• Previous message: David Rosenstrauch: "Re: xp home and za pro 3.0 the latest one"
• Next in thread: amputee: "Re: TCP FIN Scan SonicWall"
• Reply: amputee: "Re: TCP FIN Scan SonicWall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "T J Baden" <tjbaden@tsrnet.net>
Date: Fri, 24 May 2002 09:23:47 -0600

I have been getting alerts from my SonicWall Pro about a "Probable TCP FIN
Scan".

I assume that the source address is spoofed, but I don't understand why the
destination address for the scan is a legitimate private IP address behind
my firewall. Does the fact that they know my private address scheme and the
address of a valid server on my LAN mean that I have been penetrated? I have
been getting scanned pretty heavily recently by the same IP source. I am
getting paranoid.

Any thoughts on this are greatly appreciated.

--
Tom Baden
TSRnet
303-290-0101
tjbaden@tsrnet.net
www.tsrnet.net
Helping Business Use Technology

---

• Next message: : "Re: Attention All Network Engineers and Consultants!!"
• Previous message: David Rosenstrauch: "Re: xp home and za pro 3.0 the latest one"
• Next in thread: amputee: "Re: TCP FIN Scan SonicWall"
• Reply: amputee: "Re: TCP FIN Scan SonicWall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)