Link to home
Start Free TrialLog in
Avatar of compuken
compuken

asked on

Fin attack twice on same day from same IP

My sonicwall log reports 2 probably fin scans from the same IP, both today, how worried should I be and what action can I take?
ASKER CERTIFIED SOLUTION
Avatar of kevinf40
kevinf40

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Tim Holman
Tim Holman
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of compuken
compuken

ASKER

We are a business, which is why I was concerned, we have gotten a new ip and whereas before, we had a modem/router that went to our sonicwall firewall then to our lan router, now it goes right through the modem part into the sonicwall and the modem/router is now just a modem, so we are a little more exposed and now all things the modem/router blocked is now going to the sonicwall. We are getting about 2 smurf and fin scan a day.
Hi

I would say that is pretty normal (actually sounds quite low).

The average time from putting a machine on the internet to it getting a scan of some sort is apparently under 15 minutes.

Many people (e.g. script kiddies etc) have machines that are constantly scanning IP ranges for whatever vulnerability they currently want to exploit.

You'll probably find you have always been getting various vulnerability and port scans etc but your router was dropping many of them so they weren't hitting the firewall and showing up in your logs.
It sounds like the firewall is doing exactly what it should and dropping the packets.
Thanks for your suggestions/comments, I feel a little safer