cptbuzz

psk ack, ack, fin ack


Hello,
In my Lavasoft firewall 3.0 (for a 64-bit processor) I have a particular IP registering as psk ack, ack, and fin ack. The same IP has buzzed me constantly over a two-week period over multiple ports. Could someone please fill me in on the abbreviations psk ack, ack, fin ack, as to what they stand for? :o

See attachment. I hope someone can help. Edited by cptbuzz

If you need more info, as a paid licensed user, try contacting Lavasoft Customer Support via the link in my signature. Here's what I found via Google:

http://encyclopedia2.thefreedictionary.com/Pre-Shared+Key

PSK
preshared keys
The use of secret passwords or encryption keys that are entered into both sides of the message exchange ahead of time. Preshared keys (PSK) are typed into the clients and servers (authentication servers, access points, etc.) or entered via floppy, CD-ROM or smart card. Contrast with "server-based keys," in which one side generates a key and sends it to the other side during the authentication session.

http://inferno.slug.org/iptables-tutorial/x218.html

ACK
This bit is set to a packet to indicate that this is in reply to another packet that we received, and that contained data. An Acknowledgment packet is always sent to indicate that we have actually received a packet, and that it contained no errors. If this bit is set, the original data sender will check the Acknowledgment Number to see which packet is actually acknowledged, and then dump it from the buffers.

FIN
The FIN bit indicates that the host that sent the FIN bit has no more data to send. When the other end sees the FIN bit, it will reply with a FIN/ACK. Once this is done, the host that originally sent the FIN bit can no longer send any data. However, the other end can continue to send data until it is finished, and will then send a FIN packet back, and wait for the final FIN/ACK, after which the connection is sent to a CLOSED state.

Hi

In addition to Vistor's reply, in the log file there is a single port scan from 192.168.3.1.

Some thoughts on this.

192.168.3.1 is a NAT address, typically a router. Are you using a router to connect to the Internet, such as a wireless broadband router?

Port scanning is not strictly an attack but could indicate something querying to determine potential vulnerabilities by looking for open ports.

I used to get similar messages from my router; this turned out to be a setting on the router. It had forward management information set on, so the router was trying to find some service on the PC to send its log information to. I turned off the forward log information on the router and this type of message stopped appearing in the firewall log.

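The check described in the last reply (one address touching many ports, and whether that address is a private one such as a home router), as an added example that is not part of the original thread. The log line format, the sample lines, the `summarize` helper and the threshold of 5 ports are assumptions made for illustration; this is not the Lavasoft log format.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in an ASSUMED format (not the real firewall log):
#   time src_ip:src_port -> dst_ip:dst_port TCP <flags>
SAMPLE_LOG = """\
10:01:02 192.168.3.1:4021 -> 192.168.3.20:21 TCP SYN
10:01:02 192.168.3.1:4022 -> 192.168.3.20:22 TCP SYN
10:01:03 192.168.3.1:4023 -> 192.168.3.20:23 TCP SYN
10:01:03 192.168.3.1:4024 -> 192.168.3.20:80 TCP SYN
10:01:04 192.168.3.1:4025 -> 192.168.3.20:443 TCP SYN
10:01:04 192.168.3.1:4026 -> 192.168.3.20:8080 TCP SYN
10:05:10 203.0.113.7:443 -> 192.168.3.20:50111 TCP ACK
10:05:11 203.0.113.7:443 -> 192.168.3.20:50111 TCP FIN ACK
10:05:12 203.0.113.7:443 -> 192.168.3.20:50112 TCP ACK
"""
LINE_RE = re.compile(r"^\S+ (?P<src>[\d.]+):\d+ -> [\d.]+:(?P<dport>\d+) TCP (?P<flags>[A-Z ]+)$")
# RFC 1918 private ranges; a source in these is on the local network (e.g. a router).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def summarize(log_text, port_threshold=5):
    """Group entries by source IP; flag sources that touch many distinct ports."""
    ports, flags = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        ports[m["src"]].add(int(m["dport"]))
        flags[m["src"]].add(m["flags"])
    report = {}
    for src, dports in ports.items():
        addr = ipaddress.ip_address(src)
        report[src] = {
            "distinct_ports": len(dports),
            "flags_seen": sorted(flags[src]),
            "looks_like_scan": len(dports) >= port_threshold,  # assumed threshold
            "private_source": any(addr in net for net in RFC1918),
        }
    return report

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        print(src, info)
```

A source that is both private and flagged as scan-like points at a device on the local network, which is where the router setting mentioned in the reply would be checked first.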