TCP Flags combination

Dear list,
I'm running a test box with an iptables rule like this (to detect "FIN
no ACK" port scanning):

iptables -A INPUT -p tcp --tcp-flags FIN,ACK FIN -j LOG

Is that a correct rule for a "FIN no ACK" scan?
The rule generates more than 15 log entries per minute in my /var/log/messages:

IN=br0 OUT= PHYSIN=eth1 MAC=<"my box" SRC=<"Some valid IPs" DST="My
box" LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=59216 DF PROTO=TCP SPT=59005
DPT=3128 WINDOW=65535 RES=0x00 FIN URGP=0

The logs have been appearing for more than 2 weeks! How can I
find the cause of this?
Best regards,
afshin lamei
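As an added illustration (not part of the original mail), the script below emulates the `--tcp-flags FIN,ACK FIN` match on LOG lines in the format quoted above and tallies the lone-FIN segments per source address and destination port, which is the first step in working out where two weeks of such entries come from. The log sample is constructed (RFC 5737 documentation addresses) and includes one ordinary FIN/ACK close to show that the mask excludes it.

```python
import re
from collections import Counter

# Bit values of the TCP flags, using the names iptables and the LOG target use.
TCP_FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
                 "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

# Constructed sample in the format of the /var/log/messages lines in the mail.
# Addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
Jan  1 10:00:01 gw kernel: IN=br0 OUT= PHYSIN=eth1 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.10 DST=192.0.2.1 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=59216 DF PROTO=TCP SPT=59005 DPT=3128 WINDOW=65535 RES=0x00 FIN URGP=0
Jan  1 10:00:07 gw kernel: IN=br0 OUT= PHYSIN=eth1 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.10 DST=192.0.2.1 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=59217 DF PROTO=TCP SPT=59006 DPT=3128 WINDOW=65535 RES=0x00 FIN URGP=0
Jan  1 10:00:09 gw kernel: IN=br0 OUT= PHYSIN=eth1 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=40000 DPT=3128 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Jan  1 10:00:12 gw kernel: IN=br0 OUT= PHYSIN=eth1 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.55 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=UDP SPT=5353 DPT=5353 LEN=20
"""

def parse_log_line(line):
    """Return {'SRC','DST','SPT','DPT','PROTO','flags'} for a TCP LOG line, else None."""
    fields = dict(re.findall(r"\b(SRC|DST|SPT|DPT|PROTO)=(\S+)", line))
    if fields.get("PROTO") != "TCP":
        return None
    # The LOG target prints set flags as bare words (e.g. "ACK FIN"); tokens such
    # as "DF" or "URGP=0" are not in the table and are ignored.
    flags = 0
    for token in line.split():
        flags |= TCP_FLAG_BITS.get(token, 0)
    fields["flags"] = flags
    return fields

def tcp_flags_match(flags, mask, comp):
    """Emulate iptables '--tcp-flags MASK COMP': only the bits named in MASK are
    examined, and of those exactly the bits named in COMP must be set."""
    return (flags & mask) == comp

def fin_no_ack_by_source(log_text):
    """Count logged segments with FIN set and ACK clear, keyed by (SRC, DPT)."""
    mask = TCP_FLAG_BITS["FIN"] | TCP_FLAG_BITS["ACK"]   # --tcp-flags FIN,ACK ...
    comp = TCP_FLAG_BITS["FIN"]                          # ... FIN
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec and tcp_flags_match(rec["flags"], mask, comp):
            counts[(rec["SRC"], rec["DPT"])] += 1
    return counts

if __name__ == "__main__":
    for (src, dpt), n in fin_no_ack_by_source(SAMPLE_LOG).most_common():
        print(f"{src:>15} -> dpt {dpt}: {n} lone-FIN segment(s)")
```

Feeding the real /var/log/messages through `fin_no_ack_by_source` shows whether the entries come from a handful of sources (or one destination port, such as 3128 above) or are spread out, which narrows down what to capture next.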
