jsnorman Tux's lil' helper
Joined: 24 Feb 2005 Posts: 131
Posted: Wed Mar 01, 2006 6:20 am Post subject: Repeated scans, probes - multiple IPs, what should I do?
Here is my log for today (similar pattern throughout last week), though becoming much more frequent in last few hours:
03/01/2006 00:13:20 **SYN Flood to Host** 192.168.15.101, 53456->> 64.233.179.99, 80 (from PPPoE Outbound)
02/28/2006 23:57:57 **TCP FIN Scan** 192.168.15.101, 49540->> 204.57.79.91, 80 (from PPPoE Outbound)
02/28/2006 23:57:57 **TCP FIN Scan** 192.168.15.101, 35942->> 66.135.208.200, 80 (from PPPoE Outbound)
02/28/2006 23:57:57 **TCP FIN Scan** 192.168.15.101, 34473->> 208.172.128.252, 80 (from PPPoE Outbound)
02/28/2006 23:51:42 **TCP FIN Scan** 192.168.15.101, 57452->> 216.113.180.102, 80 (from PPPoE Outbound)
02/28/2006 23:51:42 **TCP FIN Scan** 192.168.15.101, 55855->> 216.113.180.121, 80 (from PPPoE Outbound)
02/28/2006 23:51:42 **TCP FIN Scan** 192.168.15.101, 56560->> 216.113.180.106, 80 (from PPPoE Outbound)
I am using a hardware firewall (SMC), with stateful inspection (obviously) and also using MAC address filtering just to make sure. However, all these scans with increasing frequency make me a little nervous.
Is there anything I can/should be doing?
kg n00b
Joined: 17 May 2003 Posts: 55 Location: Not where I want to be
Posted: Sat Mar 11, 2006 11:33 pm Post subject:
Not being clear on the format of the log for your firewall, this looks suspiciously like it is logging outbound traffic.
The (from PPPoE Outbound) would seem to imply this is traffic originating from you.
02/28/2006 23:51:42 **TCP FIN Scan** 192.168.15.101, 57452->> 216.113.180.102, 80 (from PPPoE Outbound)
Were you looking at Ebay.com? The 216.113.180.[102|106|121] addresses are all part of ebayimg.com.
Looks like your machine's IP address is 192.168.15.101 and you were surfing (dest. port 80).
Why your firewall seems to think you are sending TCP FIN Scans is a little unusual.
Best bet is to search for hits relating to your firewall.... _________________ If at first you don't succeed, try again. Then quit. No use being a damn fool about it. --W.C. Fields |
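The reading of the log given in the reply above (private source address, "Outbound" tag, destination port 80), as an added example that is not part of the thread: a Python parser for the lines from the first post. The field layout is inferred only from those seven lines, and the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Log lines copied from the first post in this thread.
SAMPLE_LOG = """\
03/01/2006 00:13:20 **SYN Flood to Host** 192.168.15.101, 53456->> 64.233.179.99, 80 (from PPPoE Outbound)
02/28/2006 23:57:57 **TCP FIN Scan** 192.168.15.101, 49540->> 204.57.79.91, 80 (from PPPoE Outbound)
02/28/2006 23:57:57 **TCP FIN Scan** 192.168.15.101, 35942->> 66.135.208.200, 80 (from PPPoE Outbound)
02/28/2006 23:57:57 **TCP FIN Scan** 192.168.15.101, 34473->> 208.172.128.252, 80 (from PPPoE Outbound)
02/28/2006 23:51:42 **TCP FIN Scan** 192.168.15.101, 57452->> 216.113.180.102, 80 (from PPPoE Outbound)
02/28/2006 23:51:42 **TCP FIN Scan** 192.168.15.101, 55855->> 216.113.180.121, 80 (from PPPoE Outbound)
02/28/2006 23:51:42 **TCP FIN Scan** 192.168.15.101, 56560->> 216.113.180.106, 80 (from PPPoE Outbound)
"""

# Assumed layout, inferred only from the lines above:
# date time **alert** src_ip, src_port->> dst_ip, dst_port (from <iface> <direction>)
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \*\*(?P<alert>.+?)\*\* "
    r"(?P<src>[\d.]+), (?P<sport>\d+)->> (?P<dst>[\d.]+), (?P<dport>\d+) "
    r"\(from (?P<iface>\S+) (?P<direction>\w+)\)$"
)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan(addr):
    """True if addr is in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse(log_text):
    """Return one dict per recognised line; unrecognised lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            # Traffic a LAN host sent out, as opposed to a probe from outside.
            ev["lan_originated"] = is_lan(ev["src"]) and ev["direction"] == "Outbound"
            events.append(ev)
    return events

def summarize(events):
    """Count alerts by (alert, source, destination port, lan_originated)."""
    return Counter((e["alert"], e["src"], int(e["dport"]), e["lan_originated"]) for e in events)

if __name__ == "__main__":
    for (alert, src, dport, lan), n in summarize(parse(SAMPLE_LOG)).items():
        origin = "LAN host, outbound" if lan else "check direction/source"
        print(f"{n:2d} x {alert:<20} src={src} dport={dport} [{origin}]")
```

Every line in the posted log groups under a single private source address with destination port 80, so the summary shows one LAN host's outbound web traffic rather than several outside addresses probing the firewall.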
MrUlterior Guru
Joined: 22 Mar 2005 Posts: 511 Location: Switzerland
Posted: Tue Mar 14, 2006 10:15 am Post subject: Re: Repeated scans, probes - multiple IPs, what should I do
jsnorman wrote: | Here is my log for today (similar pattern throughout last week), though becoming much more frequent in last few hours:
03/01/2006 00:13:20 **SYN Flood to Host** 192.168.15.101, 53456->> 64.233.179.99, 80 (from PPPoE Outbound)
02/28/2006 23:57:57 **TCP FIN Scan** 192.168.15.101, 49540->> 204.57.79.91, 80 (from PPPoE Outbound)
02/28/2006 23:57:57 **TCP FIN Scan** 192.168.15.101, 35942->> 66.135.208.200, 80 (from PPPoE Outbound)
02/28/2006 23:57:57 **TCP FIN Scan** 192.168.15.101, 34473->> 208.172.128.252, 80 (from PPPoE Outbound)
02/28/2006 23:51:42 **TCP FIN Scan** 192.168.15.101, 57452->> 216.113.180.102, 80 (from PPPoE Outbound)
02/28/2006 23:51:42 **TCP FIN Scan** 192.168.15.101, 55855->> 216.113.180.121, 80 (from PPPoE Outbound)
02/28/2006 23:51:42 **TCP FIN Scan** 192.168.15.101, 56560->> 216.113.180.106, 80 (from PPPoE Outbound)
I am using a hardware firewall (SMC), with stateful inspection (obviously) and also using MAC address filtering just to make sure. However, all these scans with increasing frequency make me a little nervous.
Is there anything I can/should be doing? |
ROFL! Put on your tin foil hat! Ebay is out to get you! They've used surreptitious mind control devices to induce you to visit their site! I bet if you check your logs now you'll see that 140.211.166.170 is after your soul too! _________________
Misanthropy 2.0 - enough hate to go around