# Quick question about [DOS Attack: FIN Scan]



## matty0891 (Mar 30, 2010)

Quick question,

If i receive a router log entry such as:

[DOS attack: FIN Scan] attack packets in last 20 sec from ip [xxx.xxx.xxx]

Could this scan be originating from a user on my network, or would a different log entry be displayed/no log entry at all, if it originated from a machine on the network.

The reason I ask is that i suspect the user's machine is riddled with viruses, and although the IP address is never that of the person on the network, i have read about certain programs using proxy servers to send out automated e-mails, which would also explain the consistent high latency whenever their machine is active.

Thanks in advance.


----------



## 2xg (Aug 5, 2009)

Try this command *netstat -a* and see what IP's are connected to your computer. You may change your SSID and make sure that you have a WPA2 Security in place.


----------

