Your firewall is doing its job. You can expect a certain amount of scan activity originating from different IP addresses on a regular basis. Essentially, there are people and 'robots' out there that probe the Internet for vulnerabilities that can be exploited to gain access to a network. You can attempt to trace the source of this activity and report it to the parent organization accordingly. To trace the source of activity, you can use a site like DNS Stuff <a href="http://www.dnsstuff.com/">http://www.dnsstuff.com/</a>. ***Improved by The Geek on 27 March 2008*** FIN scans are an attempt to enumerate open ports on your firewall and are part of the overall "Internet Background Radiation" that we all notice in our logs. There's really nothing anyone can do about it except make sure their firewalls are properly configured with only the essential ports open to the Internet.

Your firewall is doing its job. You can expect a certain amount of scan activity originating from different IP addresses on a regular basis. Essentially, there are people and 'robots' out there that probe the Internet for vulnerabilities that can be exploited to gain access to a network. You can attempt to trace the source of this activity and report it to the parent organization accordingly. To trace the source of activity, you can use a site like DNS Stuff <a href="http://www.dnsstuff.com/">http://www.dnsstuff.com/</a>. ***Improved by The Geek on 27 March 2008*** FIN scans are an attempt to enumerate open ports on your firewall and are part of the overall "Internet Background Radiation" that we all notice in our logs. There's really nothing anyone can do about it except make sure their firewalls are properly configured with only the essential ports open to the Internet.