fin-no-ack scans

Fred Portnoy fportnoy at mail.plymouth.edu
Wed Mar 31 22:48:28 GMT 2004


Friends:

My Packeteer was bogging down again today and I found from my firewall logs
that I had a host spewing out TCP packets to port 6346 with the FIN flag but no
accompanying ACK flag. I had thought that correct TCP protocol would not do
that. Anyone familiar with this? Is it a virus/worm symptom, or is it a way
for some P2P application to search for partners?

thanks

Fred Portnoy
Plymouth State University
Plymouth, New Hampshire
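
An added example, not part of the original post: one way to pick FIN-without-ACK segments out of captured traffic by reading the TCP flags byte of raw IPv4 packets and counting them per source address. The function names and the sample packets (documentation-range addresses) are constructed for illustration.

```python
import socket
import struct
from collections import Counter

FIN, ACK = 0x01, 0x10  # bit masks within the TCP flags byte

def parse_ipv4_tcp(pkt):
    """Return (src_ip, dst_port, flags) for an IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None                       # too short or not IPv4
    ihl = (pkt[0] & 0x0F) * 4             # IP header length in bytes
    if ihl < 20 or pkt[9] != 6 or len(pkt) < ihl + 20:
        return None                       # bad header, not TCP, or truncated
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return None                       # later fragment: no TCP header here
    src = socket.inet_ntoa(pkt[12:16])
    dst_port = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return src, dst_port, pkt[ihl + 13]   # flags byte is at TCP offset 13

def fin_no_ack_sources(packets, port=None):
    """Count segments with FIN set and ACK clear, per source address."""
    counts = Counter()
    for pkt in packets:
        parsed = parse_ipv4_tcp(pkt)
        if parsed is None:
            continue
        src, dst_port, flags = parsed
        if flags & (FIN | ACK) == FIN and (port is None or dst_port == port):
            counts[src] += 1
    return counts

def build_packet(src, dst, dport, flags):
    """Constructed sample: minimal IPv4 + TCP headers, checksums left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags,
                      1024, 0, 0)
    return ip + tcp

# Constructed sample traffic, not taken from the post's logs.
SAMPLE = [build_packet("192.0.2.10", "198.51.100.1", 6346, FIN)] * 3 + [
    build_packet("192.0.2.10", "198.51.100.2", 6346, FIN | ACK),  # normal close
    build_packet("192.0.2.20", "198.51.100.3", 80, FIN),          # other port
    build_packet("192.0.2.20", "198.51.100.4", 6346, 0x02),       # SYN only
]

if __name__ == "__main__":
    print(fin_no_ack_sources(SAMPLE, port=6346).most_common())
```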