fin-no-ack scans

Fred Portnoy fportnoy at
Wed Mar 31 22:48:28 GMT 2004


My Packeteer was bogging down again today and I found from my firewall logs
that I had a host spewing out tcp packets to port 6346 with FIN flag but no
accompanying ACK flag. I had thought that correct TCP protocol would not do
that. Anyone familiar with this? Is it a virus/worm symptom, or is it a way
of some P2P application to search for partners?


Fred Portnoy
Plymouth State University
Plymouth, New Hampshire

More information about the unisog mailing list