I have some guy that scans my firewall and his packets are dropped by rule 0 as
unknown established tcp packet.On the opther hand I receive e-mail alerts from CPMAD
that states that there is a port scanning atack from this address.
In the output of fwinfo command I see the address of this guy listed and in the state
column it appears as FIN_WAIT_2
I know that using nmap you can initiate FIN scan....
Questions:
1.What is FIN?
2. Does FIN_WAIT_2 indicates that it was a FIN port scanning?
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
