A quick google returned plenty of references to it,
for example:
Quote:
|
A TCP FIN packet is one sent by a web site that wants to see if you are still on-line and connected to their site. I get them from here at ABX occasionally, for example, when I leave the site but forget to log out. They are generally harmless "are you still here?" packets. BTW, you should still block them.
|
Quote:
|
FIN is the Finished flag, I believe. It's used to close a TCP connection. I also think the normal usage is to ACK an unsolicited FIN packet (i.e. if you get a FIN packet from a host you don't share a connection with, you still ACK it).
|
Quote:
Yep... that's the way it works, unless you tell your network hardware (or directly-connected PC) to igonre it. IMHO, it's best for the typical home user to filter out incoming FIN packets so that you do NOT reply. That's how my router is set up. A remote system will drop the session automatically in the absence of a reply, and theoretically one could locate systems (and potentially exploit them) by use of spurious (FAKE) FIN packets. Thus the Yellow Alert you saw.
HTH...
BTW, outgoing FIN packets are not as much of a security issue, since unless your box has already been compromised, you will be actively ending a comm session that you previously established.
|
That last sentence is probably relevant since your firewall log suggests the packets were outbound.