I looked at my firewall yesterday and under the NIPS list found a `scan` that is only present very rarely. It is classed by the firewall as an attack `in`, gives an adsl reference (adsl-75-31-174-120.dsl.frs2ca.sbcglobal.net) is an `attempted recon` of `medium` risk with access being denied.
Most of the reports are `PortScan` which I have seen some detail of in PCA from time to time, but this `SCAN FIN` is something I can find nothing about.
I can`t say that I fully understand the explanation as it seems to contradict itself. On the one hand it says the port is closed and on the other it seems to say that it tries to close it. This in turn allows a `packet` to be dropped?
Question is now does this give a problem or simply a message? Think I`m getting more confused.