over the last week we have noticed alot of TCP FIN scans and IP spoofing attempts occurring. this has never happened as much before in the last 4 years ive worked at this company.
Our firewall logs show these attempts happening every 5-10 minutes and then it will stop for a few hours and it starts again each time causing a DOS (denial of service) attack as our internet connection goes down. (i think this is due to the firewall restarting itself to prevent further attacks tho)
The logs show us the IP address and MAC address of the person and ive added these to the blocked list. I have also done a whois on these IP addresses and they come back been in the US and Netherlands, however one of them came back to be in the UK.
we use a 3Com Superstack 3 Firewall, Firmware version: 126.96.36.199.
the firewall is setup to protect from the following attacks: Syn flood, Ping of death, IP Spoofing, Land attack, Smurf amplification, sequence number prediction. Stealth Mode is also enabled
Looking for some help as im not an expert in security.