I get a similar effect. However, from my research it is neither Sonicwall or Imail causing the problem. In my case, I found the source server to be my ISPs DNS server. They explained to me that some DNS requests are terminated before the response is given and then the DNS server attempts to locate the requester by searching ports, which looks like a port scan to the sonicwall. I don't have a solid understanding of the DNS conversation that causes this, but I have not seen regularly from any other machines, so I'm not too worried at this time.
You should check the source machine of the scans and investigate if it is a threat. I hope that helps. Maybe someone else can explain the DNS conversation that causes this behavior. Todd -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Eric Johnson Sent: Monday, July 22, 2002 9:21 AM To: [EMAIL PROTECTED] Subject: [SonicWALL]- TCP FIN Scan When my users check their e-mail I get a warning from the sonic wall (pro 100) saying a possible fin scan was detected. The mail server is iMail 6.05. Is there something that I am doing wrong or is this just odd interaction between the sonic wall and iMail? --- [This E-mail scanned for viruses by Declude/F-Prot AV] ============================================================================ ======================= To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude/F-Prot AV] =================================================================================================== To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
