DOS attack?

Hi Everyone,

I've got a Netgear router doing some logging and it's reporting tons of stuff like this:

[DOS attack: FIN Scan] attack packets in last 20 sec from ip [66.75.159.89], Friday, 08 Feb 2008 13:01:00
[DOS attack: FIN Scan] attack packets in last 20 sec from ip [77.73.32.120], Friday, 08 Feb 2008 13:00:37
[DOS attack: FIN Scan] attack packets in last 20 sec from ip [69.28.145.39], Friday, 08 Feb 2008 13:00:29
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [66.75.159.110], Friday, 08 Feb 2008 13:00:15
[DOS attack: FIN Scan] attack packets in last 20 sec from ip [63.215.202.17], Friday, 08 Feb 2008 12:59:35
[DOS attack: FIN Scan] attack packets in last 20 sec from ip [69.28.145.39], Friday, 08 Feb 2008 12:59:27
[DOS attack: FIN Scan] attack packets in last 20 sec from ip [63.215.202.17], Friday, 08 Feb 2008 12:59:27


A couple of weeks ago I looked up some of these IP addresses, and they were all from Akamai Technologies. I sent emails to the abuse address asking what's going on, and was informed that Akamai Technologies provides duplicate servers (sorry if the lingo is incorrect) for customers with high volume websites, and that this activity is most likely due to someone browsing one of these websites. However no one was doing any such browsing at the time.

My question is, why would results from a browser request look like a DOS attack to a Netgear router? And could these packets be generated by the server even if the user just left the browser sitting on a website?

They don't seem to be affecting response time too much, but I would like to know what's going on.

*Peter Dow* /
Dow Software Services, Inc.
909 793-9050
pdow@xxxxxxxxxxxxxxx <mailto:pdow@xxxxxxxxxxxxxxx> /