On Mar 3 2007 19:42, afshin lamei wrote:
>
> Dear list,
> I'm running a test box with an iptables rule like this (to detect "FIN
> no ACK" port scanning):
>
> iptables -A INPUT -p tcp --tcp-flags FIN,ACK FIN -j LOG
>
> is that a correct rule for "FIN no ACK" scan?

See http://jengelh.hopto.org/p/chaostables/#se2

> The rule generates more than 15 log entries per minute in my /var/log/messages:
>
> IN=br0 OUT= PHYSIN=eth1 MAC=<"my box" SRC=<"Some valid IPs" DST="My
> box" LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=59216 DF PROTO=TCP SPT=59005
> DPT=3128 WINDOW=65535 RES=0x00 FIN URGP=0
>
> The logs are continuing to appear for more than 2 weeks! How can I
> find the cause of this?
> best regards,
> afshin lamei
>

Jan
--
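
An added example, not part of the original thread or of either poster's setup: a Python script that groups FIN-without-ACK entries in the LOG format quoted above by source address and destination port, so a source touching many ports can be told apart from one repeatedly hitting a single service such as DPT=3128. The sample lines, the documentation-range addresses and the `port_threshold` cut-off are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the netfilter LOG format quoted above
# (documentation-range addresses, not values from the thread).
_FMT = ("kernel: IN=br0 OUT= PHYSIN=eth1 SRC={src} DST=198.51.100.1 LEN=52 "
        "TOS=0x00 PREC=0x00 TTL=40 ID=1 DF PROTO=TCP SPT=59005 DPT={dpt} "
        "WINDOW=65535 RES=0x00 {flags} URGP=0")
SAMPLE = (
    [_FMT.format(src="192.0.2.10", dpt=3128, flags="FIN")] * 4
    + [_FMT.format(src="192.0.2.77", dpt=p, flags="FIN")
       for p in (21, 22, 23, 25, 80, 110)]
    + [_FMT.format(src="192.0.2.10", dpt=3128, flags="ACK FIN")]  # normal close
)

FIELD = re.compile(r"(\w+)=(\S*)")          # KEY=value pairs (value may be empty)
FLAGS = re.compile(r"RES=\S+ (.*?)URGP=")   # bare flag names sit between RES= and URGP=

def parse(line):
    """Return (fields, flags) for one TCP LOG line, or None for anything else."""
    fields = dict(FIELD.findall(line))
    m = FLAGS.search(line)
    if fields.get("PROTO") != "TCP" or m is None:
        return None
    return fields, set(m.group(1).split())

def summarize(lines, port_threshold=5):
    """Group FIN-without-ACK packets by source; port_threshold is an assumed cut-off."""
    hits = defaultdict(lambda: {"count": 0, "ports": set()})
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        fields, flags = parsed
        if "FIN" in flags and "ACK" not in flags:  # same test as --tcp-flags FIN,ACK FIN
            hits[fields["SRC"]]["count"] += 1
            hits[fields["SRC"]]["ports"].add(int(fields["DPT"]))
    return {
        src: (h["count"], sorted(h["ports"]),
              "many-ports" if len(h["ports"]) >= port_threshold else "single-service")
        for src, h in hits.items()
    }

if __name__ == "__main__":
    for src, (count, ports, label) in summarize(SAMPLE).items():
        print(f"{src}: {count} packets, ports {ports} -> {label}")
```

To run it on real data, pass the matching lines from /var/log/messages to `summarize()` instead of `SAMPLE`.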