compuken
asked on
FIN attack twice on same day from same IP
My SonicWall log reports 2 probable FIN scans from the same IP, both today. How worried should I be and what action can I take?
Hi
I would say that is pretty normal (actually sounds quite low).
The average time from putting a machine on the internet to it getting a scan of some sort is apparently under 15 minutes.
Many people (e.g. script kiddies etc) have machines that are constantly scanning IP ranges for whatever vulnerability they currently want to exploit.
You'll probably find you have always been getting various vulnerability and port scans etc but your router was dropping many of them so they weren't hitting the firewall and showing up in your logs.
It sounds like the firewall is doing exactly what it should and dropping the packets.
ASKER
Thanks for your suggestions/comments. I feel a little safer.