# Intrusion Attempt Detected: Fin Scan



## Kalanadian (Aug 19, 2005)

Ever since Dec 1 we've been getting a notice from our firewall saying it's blocked an intrusion attempt from Fin scan. Dec 2 alone we had 49 alerts. I'm not too concerned because apparently our computer is preventing it, but what I would like to know is what it is and where it is coming from. Is it coming from a particular site? Is there something I should be doing other than ignoring these firewall mesages?

Here are the details that are given:

Description: Intrusion attempt detected: Fin Scan

Action: Firewall has blocked this traffic
Time: 05/12/2008 8:49:07 PM
Direction: Inbound
Protocol: tcp
Services: TCP High ports in


Then it gives the remote address, remote port, local address and local port...

Thanks for any help!


----------



## lunarlander (Sep 22, 2007)

Scans are just scouting probes. The attacker wants to see what program/services you have running. There isn't much you can do about them.


----------



## Kalanadian (Aug 19, 2005)

Alright, so does it have to do with any specific websites I'm on? Or is it just a random thing...?


----------



## lunarlander (Sep 22, 2007)

Usually it doesnt have anything to do with where you surf to. They just find random ip addresses to scan. 

If you don't have a router, then get one, as it provides some protection and doesn't allow them to directly scan your PCs. Get one even if you only have 1 PC.


----------



## hrlow2 (Oct 6, 2008)

Sygate firewall has what they call Backtrace where you can track to see where it is coming from


----------



## Kalanadian (Aug 19, 2005)

I already have a router.. this is only happening on my home computer not the laptop. It's just really annoying. It's popping up 20+ times a day..


----------



## Kenny94 (Dec 16, 2004)

> I would like to know is what it is and where it is coming from.


See WHOIS at:

arin.net/whois/


----------



## Kenny94 (Dec 16, 2004)

http://www.arin.net/whois/

That's better.


----------

