Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

What does this mean?

Status
Not open for further replies.

mattpv

IS-IT--Management
Nov 6, 2001
41
US
Probable TCP FIN scan - Source:2**.1**.2**.**, 443, WAN - Destination:20*.11*.1**.*3, 4143, LAN - -

* = a number I have changed
I have removed some of the ip address so my network isn't all over the net, but If someone could clue me in on what this message indicates, I would be indebted!!! Thanks so much
 
It means a person/trogen is probing your network from the source IP by performing a TCP port scan and sending packets with the FIN flag set in the hope of avoiding detection. You should scan the PC, flogg the user, or contact your ISP, whichever is appropriate.

-Jeff ----------------------------------------
Wassabi Pop Tarts! Write Kellogs today!
 
The source is on my network from an outside source? How do I flog the user?
 
Is Source:2**.1**.2**.** one of your IP addresses? If yes then you need to talk to the person operating it and/or look at that machine closely. If it's not one of your IP's then you should report it to your ISP. Scans are a common thing on the internet so don't panic It should be taken as proof that your investment in security devices such as firewalls & ids are worthwhile.
-Jeff ----------------------------------------
Wassabi Pop Tarts! Write Kellogs today!
 
No the source is not on my network, the destination is one of my client workstations. How did they get past my firewall? to get to a cw?
 
Where did you get the message? If it was from the firewall then it saw it, recognized it as an attack and dropped it. If it was at the cw then you need a better firewall.
----------------------------------------
Wassabi Pop Tarts! Write Kellogs today!
 
It is a warning from my firewall. Does that mean that they could not get past it? I appreciate your time ith this issue. I have started a new job and the guy that was here before did not explain crap and I am winging it. Could it be possible to get your email address? Only for issues that I cannot figure out, I know that is asking alot, but your knowledge is GREAT! and I appreciate your time. matt
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top