Asked by Nicholas Curran
How should I handle this FIN Flood attack that my SonicWall is reporting

I'm trying to understand what might be happening with this log.  Are machines 192.168.1.152 and 192.168.1.253 compromised or is there something else going on?  192.168.1.253 is our Exchange 2010 Server...we are experiencing disconnects from the Outlook users on the network that are only resolved if they reboot.  I've already run a full scan with antivirus and Malwarebytes on the server - what else should be done to make sure there is nothing rogue on the machine?  Is the SonicWall just alerting us or is it actually blocking the "attack"?  

Machine 192.168.1.152 is a MacBook...we have that machine turned off for now.

Here is the log:

0006-B13B-0234 Log (part 3) dumped to email at 2011-04-06 12:52:08
04/06/2011 12:48:55.416 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 369/sec has ceased    -   -
04/06/2011 12:48:56.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.152:58139 dst: 64.60.131.215:443    -   -
04/06/2011 12:48:57.448 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 357/sec has ceased    -   -
04/06/2011 12:48:58.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.152:58850 dst: 64.60.131.215:443    -   -
04/06/2011 12:48:59.480 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 316/sec has ceased    -   -
04/06/2011 12:49:00.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.152:59505 dst: 64.60.131.215:443    -   -
04/06/2011 12:49:01.560 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 355/sec has ceased    -   -
04/06/2011 12:49:12.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:24578    -   -
04/06/2011 12:49:12.384 - Warning - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:2041 - rate: 357/sec continues    -   -
04/06/2011 12:49:13.400 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 354/sec has ceased    -   -
04/06/2011 12:49:14.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:20207    -   -
04/06/2011 12:49:15.432 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 268/sec has ceased    -   -
04/06/2011 12:49:16.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:11289    -   -
04/06/2011 12:49:17.464 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 427/sec has ceased    -   -
04/06/2011 12:49:18.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:5597    -   -
04/06/2011 12:49:19.496 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 393/sec has ceased    -   -
04/06/2011 12:49:20.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:29969    -   -
04/06/2011 12:49:21.528 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 340/sec has ceased    -   -
04/06/2011 12:49:22.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:8943    -   -
04/06/2011 12:49:23.560 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 301/sec has ceased    -   -
04/06/2011 12:49:24.384 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:2220    -   -
04/06/2011 12:49:24.576 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 377/sec has ceased    -   -
04/06/2011 12:49:26.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:7535    -   -
04/06/2011 12:49:26.608 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 406/sec has ceased    -   -
04/06/2011 12:49:32.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:18922    -   -
04/06/2011 12:49:33.720 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 353/sec has ceased    -   -
04/06/2011 12:49:46.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.152:59756 dst: 64.60.131.215:443    -   -
04/06/2011 12:49:47.416 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 408/sec has ceased    -   -
04/06/2011 12:49:48.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.152:60555 dst: 64.60.131.215:443    -   -
04/06/2011 12:49:49.448 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 333/sec has ceased    -   -
04/06/2011 12:49:50.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.152:61266 dst: 64.60.131.215:443    -   -
04/06/2011 12:49:51.480 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 379/sec has ceased    -   -
04/06/2011 12:49:52.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.152:62071 dst: 64.60.131.215:443    -   -
04/06/2011 12:49:53.512 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 405/sec has ceased    -   -
04/06/2011 12:49:54.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.152:62854 dst: 64.60.131.215:443    -   -
04/06/2011 12:49:55.544 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 382/sec has ceased    -   -
04/06/2011 12:49:58.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.152:64423 dst: 64.60.131.215:443    -   -
04/06/2011 12:49:58.640 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 402/sec has ceased    -   -
04/06/2011 12:50:12.368 - Warning - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:47342 - rate: 355/sec continues    -   -
04/06/2011 12:50:14.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:21799    -   -
04/06/2011 12:50:15.416 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 399/sec has ceased    -   -
04/06/2011 12:50:16.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:26913    -   -
04/06/2011 12:50:17.448 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 427/sec has ceased    -   -
04/06/2011 12:50:18.384 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:40382    -   -
04/06/2011 12:50:19.480 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 349/sec has ceased    -   -
04/06/2011 12:50:20.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:61660    -   -
04/06/2011 12:50:21.512 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 395/sec has ceased    -   -
04/06/2011 12:50:22.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:48606    -   -
04/06/2011 12:50:23.544 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 319/sec has ceased    -   -
04/06/2011 12:50:26.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:40860    -   -
04/06/2011 12:50:27.608 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 429/sec has ceased    -   -
04/06/2011 12:50:28.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:18394    -   -
04/06/2011 12:50:29.640 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 384/sec has ceased    -   -
04/06/2011 12:50:38.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.152:63065 dst: 64.60.131.215:443    -   -
04/06/2011 12:50:39.416 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 302/sec has ceased    -   -
04/06/2011 12:50:40.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.152:63707 dst: 64.60.131.215:443    -   -
04/06/2011 12:50:41.448 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 321/sec has ceased    -   -
04/06/2011 12:50:42.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.152:64392 dst: 64.60.131.215:443    -   -
04/06/2011 12:50:43.480 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 393/sec has ceased    -   -
04/06/2011 12:50:44.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.152:65160 dst: 64.60.131.215:443    -   -
04/06/2011 12:50:45.512 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 400/sec has ceased    -   -
04/06/2011 12:50:46.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.152:49528 dst: 64.60.131.215:443    -   -
04/06/2011 12:50:47.544 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 383/sec has ceased    -   -
04/06/2011 12:50:48.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.152:50292 dst: 64.60.131.215:443    -   -
04/06/2011 12:50:49.576 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 410/sec has ceased    -   -
04/06/2011 12:51:14.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:29882    -   -
04/06/2011 12:51:14.416 - Warning - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:65091 - rate: 318/sec continues    -   -
04/06/2011 12:51:15.432 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 294/sec has ceased    -   -
04/06/2011 12:52:02.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.152:53194 dst: 64.60.131.215:443    -   -
04/06/2011 12:52:02.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:12277    -   -
04/06/2011 12:52:03.400 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 332/sec has ceased    -   -
04/06/2011 12:52:03.400 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 330/sec has ceased    -   -
04/06/2011 12:52:04.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.152:53904 dst: 64.60.131.215:443    -   -
04/06/2011 12:52:04.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:25640    -   -
04/06/2011 12:52:05.432 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 397/sec has ceased    -   -
04/06/2011 12:52:05.432 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 400/sec has ceased    -   -
04/06/2011 12:52:06.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.152:54641 dst: 64.60.131.215:443    -   -
04/06/2011 12:52:06.368 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:1152    -   -

This email was generated by: SonicOS Enhanced 4.2.0.1-12e (0006-B13B-0234)
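Added example, not part of the question or of SonicWall's own tooling: a small Python script that takes a SonicOS e-mail dump like the one above, rejoins the lines the mail client wrapped, parses the two message shapes present in it (the "src/dst" alert and the "from machine ... has ceased" rate line), and summarises per internal host which side of the connection it is on and whether every alert points at the same remote peer. The embedded sample lines are copied from the log above with their original wrapping; the summary field names and the client/server classification are my own, not SonicOS terminology.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the SonicWall e-mail dump in the question,
# kept with the same wrapping the mail client produced (entries span two lines).
SAMPLE_LOG = """\
0006-B13B-0234 Log (part 3) dumped to email at 2011-04-06 12:52:08
04/06/2011 12:48:55.416 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 369/sec has
ceased    -   -
04/06/2011 12:48:56.368 - Alert - Intrusion Prevention -  Possible FIN Flood
on IF X0 - src: 192.168.1.152:58139 dst: 64.60.131.215:443    -   -
04/06/2011 12:48:57.448 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:c2: e:e5:a7 with FIN rate of 357/sec has
ceased    -   -
04/06/2011 12:48:58.368 - Alert - Intrusion Prevention -  Possible FIN Flood
on IF X0 - src: 192.168.1.152:58850 dst: 64.60.131.215:443    -   -
04/06/2011 12:49:00.368 - Alert - Intrusion Prevention -  Possible FIN Flood
on IF X0 - src: 192.168.1.152:59505 dst: 64.60.131.215:443    -   -
04/06/2011 12:49:12.368 - Alert - Intrusion Prevention -  Possible FIN Flood
on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:24578    -   -
04/06/2011 12:49:12.384 - Warning - Intrusion Prevention -  Possible FIN Flood on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:2041 - rate:
357/sec continues    -   -
04/06/2011 12:49:13.400 - Alert - Intrusion Prevention -  Possible FIN Flood on IF X0 - from machine xx:xx:9b:a6:5b:94 with FIN rate of 354/sec has
ceased    -   -
04/06/2011 12:49:14.368 - Alert - Intrusion Prevention -  Possible FIN Flood
on IF X0 - src: 192.168.1.253:443 dst: 64.60.131.215:20207    -   -

This email was generated by: SonicOS Enhanced 4.2.0.1-12e (0006-B13B-0234)
"""

# Every log entry starts with "MM/DD/YYYY HH:MM:SS.mmm "; anything else is a wrapped continuation.
TS_RE = re.compile(r"^\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d{3} ")
PREFIX = r"^(?P<ts>\S+ \S+) - (?P<sev>\w+) - Intrusion Prevention - Possible FIN Flood on IF (?P<iface>\S+) - "
# Per-flow alert; the optional tail appears on the "Warning ... continues" variant.
FLOW_RE = re.compile(PREFIX + r"src: (?P<src_ip>[\d.]+):(?P<src_port>\d+) dst: (?P<dst_ip>[\d.]+):(?P<dst_port>\d+)"
                     r"(?: - rate: (?P<rate>\d+)/sec continues)?")
# Per-MAC rate line; the MAC is matched lazily because the dump shows it with a stray space.
RATE_RE = re.compile(PREFIX + r"from machine (?P<mac>.+?) with FIN rate of (?P<rate>\d+)/sec has ceased")


def normalize_lines(raw_text):
    """Rejoin wrapped entries and collapse whitespace; skip preamble and footer text."""
    entries, current = [], None
    for line in raw_text.splitlines():
        if TS_RE.match(line):                 # start of a new entry
            if current is not None:
                entries.append(current)
            current = [line]
        elif not line.strip():                # blank line ends the log body
            if current is not None:
                entries.append(current)
            current = None
        elif current is not None:             # continuation of the wrapped entry
            current.append(line.strip())
        # lines before the first timestamp (the "dumped to email" header) are dropped
    if current is not None:
        entries.append(current)
    return [re.sub(r"\s+", " ", " ".join(e)).strip() for e in entries]


def classify_role(src_ports, dst_ports):
    """Fixed local port + many remote ports means the host is answering (server side);
    many local ports + one remote port means it is initiating (client side)."""
    if len(src_ports) == 1 and len(dst_ports) > 1:
        return f"server (local port {next(iter(src_ports))} answering many remote ports)"
    if len(dst_ports) == 1 and len(src_ports) > 1:
        return f"client (ephemeral local ports to remote port {next(iter(dst_ports))})"
    return "undetermined (too few alerts or mixed ports)"


def summarize(raw_text):
    """Return {'hosts': {src_ip: {...}}, 'fin_rates': {mac: (min, max, mean)}}."""
    hosts = defaultdict(lambda: {"alerts": 0, "continuing": 0, "src_ports": set(),
                                 "dst_ports": set(), "dst_ips": set()})
    rates = defaultdict(list)
    for line in normalize_lines(raw_text):
        m = FLOW_RE.match(line)
        if m:
            h = hosts[m["src_ip"]]
            h["alerts"] += 1
            h["continuing"] += 1 if m["rate"] else 0   # still above threshold at log time
            h["src_ports"].add(int(m["src_port"]))
            h["dst_ports"].add(int(m["dst_port"]))
            h["dst_ips"].add(m["dst_ip"])
            continue
        m = RATE_RE.match(line)
        if m:
            rates[m["mac"]].append(int(m["rate"]))
    for h in hosts.values():
        h["role"] = classify_role(h["src_ports"], h["dst_ports"])
    fin_rates = {mac: (min(r), max(r), round(sum(r) / len(r))) for mac, r in rates.items()}
    return {"hosts": dict(hosts), "fin_rates": fin_rates}


def report(summary):
    """Human-readable triage view of the summary."""
    out = []
    for ip, h in sorted(summary["hosts"].items()):
        out.append(f"{ip}: {h['alerts']} alert(s), {h['continuing']} still above threshold; "
                   f"role: {h['role']}; remote peer(s): {', '.join(sorted(h['dst_ips']))}")
        if len(h["dst_ips"]) == 1:
            out.append("  -> all alerts involve one remote peer: a burst of short-lived sessions "
                       "with a single service, not a sweep across many hosts")
    for mac, (lo, hi, avg) in sorted(summary["fin_rates"].items()):
        out.append(f"MAC {mac}: FIN rate min {lo}/sec, max {hi}/sec, mean {avg}/sec when the alert cleared")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(summarize(SAMPLE_LOG)))
```

Run against the full dump, the script shows the same picture the sample gives: 192.168.1.152 is the client side of HTTPS connections to 64.60.131.215, 192.168.1.253 is the server side (local port 443) of connections from that same address, and nothing else appears. The triage questions that follow are what 64.60.131.215 is and whether both hosts have a legitimate reason to exchange so many short-lived sessions with it. Note that the messages themselves ("Possible", "continues", "has ceased") record detection only; whether SonicOS also dropped packets is a firewall setting and cannot be read off these lines.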
ASKER CERTIFIED SOLUTION
digitap

Nicholas Curran (asker)

It was likely a miscommunication between one laptop and the Exchange 2010 server.  It seems to be resolved now.
The solution failed to address some of the initial questions but was an adequate attempt.