Security Incidents mailing list archives
RE: Suspect short first fragment?
From: "Ralph Los" <RLos () enteredge com>
Date: Thu, 28 Feb 2002 13:28:22 -0500
Fragmented port-0 (nmap) scan, with fragmentation enabled?? Just a thought. ----------------------------------------| Ralph M. Los Sr. Security Consultant and Trainer EnterEdge Technology, L.L.C. rlos () enteredge com (770) 955-9899 x.206 ----------------------------------------| ::-----Original Message----- ::From: jamie () jamie-sue org [mailto:jamie () jamie-sue org] ::Sent: Thursday, February 28, 2002 12:57 PM ::To: incidents () securityfocus com ::Subject: Suspect short first fragment? :: :: :: :: ::I got several of these messages in my syslogd logs - ::I'm using Redhat 7.1 :: :: any idea? Is this an attack? :: :: Suspect short first fragment. :: eth0 PROTO=17 212.15.64.83:0 ::200.186.111.146:0 L=20 S=0x00 I=40960 F=0x4000 ::T=116 :: (#0) :: ::-------------------------------------------------------------- ::-------------- ::This list is provided by the SecurityFocus ARIS analyzer ::service. For more information on this free incident handling, ::management ::and tracking system please see: http://aris.securityfocus.com :: :: ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Suspect short first fragment? jamie (Feb 28)
- <Possible follow-ups>
- RE: Suspect short first fragment? Ralph Los (Feb 28)
- RE: Suspect short first fragment? Boyan Krosnov (Feb 28)