I get FIN scan alerts all the time from a particular web site that one of my users frequents. I had my user inform the site of this and their reply consisted of, 1: Criticizing our ability to think because we use a SonicWall as a firewall. 2: Telling us the SonicWall could not tell the difference between a FIN scan and normal TCP traffic. I know the SonicWALL (XPRS2) can set false positives concerning FIN scans if it see a large number of them from a single site in a certain amount of time. However this is the only site that consistently sets these alerts. We get random FIN scan alerts, but every time this particular user visits this site SonicWall sends me an alert. What normal TCP traffic would have such a large number of packets with the FIN flag set? The SonicWall is supposed to be stateful, does it not keep track of sequence numbers? Lastly has anyone else had this problem?
Jim Grossl Boise, Idaho USA --- [This E-mail scanned for viruses by Declude/F-Prot Virus] =================================================================================================== To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
