Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Small tcp fragments.

Small tcp fragments.

From: <cider_at_SPEAKEASY.ORG>
Date: Wed, 6 Sep 2000 14:02:17 -0700

hi,

        from time to time I see very small tcp fragments with source and
destination port == 0, no payload, no options, and both DF and MF bits
set. these are frequently from IP addresses which have established
legitimate tcp connections (usually to port 80 or 443) to hosts on my
network, and there are usually only one or two of these fragments per
source. because of the lack of any real information in these fragments,
i'm suspecting misbehaving networking equipment rather than malicious
activity - though it did occur to me that they may be some kind of "packet
of death" for a particular operating system. anyone else familiar with /
see these packets? they seem to originate mostly from european address
space, though there have been a few US-generated fragments as well. 

--
cider_at_speakeasy.org
Received on Sep 07 2000
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos