Re: NULL Scan issues or something else?

[Daniel Curtis <sidetripping@gmail.com>]

Hi

Thank you all for your answers. They are very helpful.
I have to mention some thing, which I forgot to write;

• no running services
• all ports are closed (according to e.g. nmap)
• iptables has concerning rules about INVALID packets
• flags filtering for --tcp-flags and use --ctstate.

Now this computer is used for a various test etc. Maybe, in 

the future this machine will be something else, more important. 
So, should I afraid of these scans attempts, despite that, there 
are not enabled any service? Blocking (DROP) these connections 
is sufficient? In that case, what is the type of scan, that uses these 
flags; SYN,RST,ACK,FIN,PSH,URG SYN,RST,ACK, FIN,PSH,URG?

Why this type of scan occurs when all ports are closed and none of 

the services are not running? Sorry for the naive question, but I'm 
surprised, because I was never in a similar situation. Especially with 
closed ports and no services.


Again sorry for so many questions, and thanks for all the answers.
If you can, please answer to the above questions. They are very 

important for me.

Some part of the log:
SCAN: IN=eth0 OUT= MAC=_mac_addresses
SRC="" DST=192.168.10.X
LEN=1500 TOS=0x00 PREC=0x00 
TTL=52 ID=14512 DF
PROTO=TCP SPT=80 DPT=54790

WINDOW=6432 RES=0x00 ACK URGP=0 

...and many more...

Best regards!