Pingu
05-09-2001, 10:12 AM
Umm, what's this from port sentry?
attackalert: Unknown Type: Packet Flags: SYN: 1 FIN: 1 ACK: 0 PSH: 0 URG: 0 RST: 0 from host: 203.232.4.4/203.232.4.4 to TCP port: 53
Rehan
05-09-2001, 10:30 AM
Port 53 is DNS. It could be someone looking for a server vulnerable to the BIND security issues.
cperciva
05-09-2001, 04:03 PM
Someone (possibly even at that IP address) wants to know if you're running anything on TCP/53. As Rehan pointed out, that would normally be BIND.
Since they're checking for TCP/53 rather than UDP/53, I'd guess they'd be planning on using an AXFR exploit. As long as you're running an up-to-date DNS server you should be fine.
Pingu
05-09-2001, 05:19 PM
Well, checklog is sending me this kind of stuff every day. It gets quite boring to read them. Most are "attacks" on port 53 and 111, like:
attackalert: SYN/Normal scan from host: 211.97.114.240/211.97.114.240 to TCP port: 111
attackalert: SYN/Normal scan from host: 212.49.158.133/212.49.158.133 to TCP port: 53
But this one was different:
attackalert: Unknown type
And a bunch of packet flags???
That's what made me curious as to what this one was trying to do...
Oh, I'm not running DNS, so I'm not worried about that at least :)
cperciva
05-09-2001, 06:06 PM
It's a SYN/FIN scan instead of a SYN scan, but the basic purpose is the same. Sometimes firewalls will block SYN scans but still respond to SYN/FIN scans, that's all.
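Added example, not part of the original thread: a small Python triage script that parses the attackalert lines quoted above and turns the "Unknown Type" flag dump into a scan name, so a SYN/FIN probe is labelled as such in a daily summary. The function names are hypothetical, and the FIN, NULL and XMAS labels go beyond the one case discussed in the thread.

```python
import re
from collections import Counter

# Log lines copied from the posts above (attackalert format as quoted there).
SAMPLE_LOG = """\
attackalert: Unknown Type: Packet Flags: SYN: 1 FIN: 1 ACK: 0 PSH: 0 URG: 0 RST: 0 from host: 203.232.4.4/203.232.4.4 to TCP port: 53
attackalert: SYN/Normal scan from host: 211.97.114.240/211.97.114.240 to TCP port: 111
attackalert: SYN/Normal scan from host: 212.49.158.133/212.49.158.133 to TCP port: 53
"""

ALERT_RE = re.compile(r"attackalert: (?P<kind>.+?) from host: (?P<host>[^/\s]+)/\S+"
                      r" to (?P<proto>TCP|UDP) port: (?P<port>\d+)")
FLAG_RE = re.compile(r"\b(SYN|FIN|ACK|PSH|URG|RST): ([01])")

def classify(flags):
    """Name a scan type from the set of TCP flags that were set."""
    if {"SYN", "FIN"} <= flags:
        return "SYN/FIN scan"   # SYN and FIN together never occur in normal traffic
    if flags == {"SYN"}:
        return "SYN scan"
    if flags == {"FIN"}:
        return "FIN scan"
    if flags == {"FIN", "PSH", "URG"}:
        return "XMAS scan"
    if not flags:
        return "NULL scan"
    return "other: " + "+".join(sorted(flags))

def parse_alert(line):
    """Return host, protocol, port and scan name for one line, or None."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    kind = m["kind"]
    if kind.startswith("Unknown Type"):
        # Decode the "SYN: 1 FIN: 1 ..." dump into the set of flags that are on.
        scan = classify({name for name, bit in FLAG_RE.findall(kind) if bit == "1"})
    else:
        scan = "SYN scan" if kind.startswith("SYN/Normal") else kind
    return {"host": m["host"], "proto": m["proto"],
            "port": int(m["port"]), "scan": scan}

def summarize(log_text):
    """Count alerts per (scan name, protocol, port)."""
    alerts = [a for a in map(parse_alert, log_text.splitlines()) if a]
    return Counter((a["scan"], a["proto"], a["port"]) for a in alerts)

if __name__ == "__main__":
    for (scan, proto, port), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:3d}  {scan:14s} {proto}/{port}")
```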