Security Incidents mailing list archives
Small tcp fragments.
From: cider () SPEAKEASY ORG
Date: Wed, 6 Sep 2000 14:02:17 -0700
hi, from time to time I see very small tcp fragments with source and destination port == 0, no payload, no options, and both DF and MF bits set. these are frequently from IP addresses which have established legitimate tcp connections (usually to port 80 or 443) to hosts on my network, and there are usually only one or two of these fragments per source. because of the lack of any real information in these fragments, i'm suspecting misbehaving networking equipment rather than malicious activity - though it did occur to me that they may be some kind of "packet of death" for a particular operating system. anyone else familiar with / see these packets? they seem to originate mostly from european address space, though there have been a few US-generated fragments as well. -- cider () speakeasy org
Current thread:
- Small tcp fragments. cider (Sep 06)
- Re: Small tcp fragments. Marc Matteo (Sep 07)
- Re: Small tcp fragments. Ian Eure (Sep 07)