Security Incidents mailing list archives

Small tcp fragments.


From: cider () SPEAKEASY ORG
Date: Wed, 6 Sep 2000 14:02:17 -0700

hi,

        from time to time I see very small tcp fragments with source and
destination port == 0, no payload, no options, and both DF and MF bits
set.  these are frequently from IP addresses which have established
legitimate tcp connections (usually to port 80 or 443) to hosts on my
network, and there are usually only one or two of these fragments per
source.  because of the lack of any real information in these fragments,
i'm suspecting misbehaving networking equipment rather than malicious
activity - though it did occur to me that they may be some kind of "packet
of death" for a particular operating system.  anyone else familiar with /
see these packets?  they seem to originate mostly from european address
space, though there have been a few US-generated fragments as well.

--
cider () speakeasy org
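A check for the packets described in the post above, added here as an example and not part of the original message. It assumes raw IPv4 packets as bytes, and because "no payload" could mean either a bare TCP header with zero ports or an IP payload too short to hold one, it accepts both; the function names, labels and sample packets are constructed for illustration.

```python
import struct

DF, MF = 0x4000, 0x2000   # flag bits in the IPv4 flags/fragment-offset word

def ipv4(flags_frag, payload, proto=6):
    """Build a constructed sample IPv4 packet (documentation addresses, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                       flags_frag, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5])) + payload

def tcp(sport, dport, flags=0, data=b""):
    """Build a constructed 20-byte TCP header (no options) plus data."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 0, 0, 0) + data

def anomalies(packet):
    """Return the set of oddities seen in one raw IPv4 packet."""
    found = set()
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return {"not-ipv4"}
    ihl = (packet[0] & 0x0F) * 4
    total_len, _ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or ihl > len(packet):
        return {"bad-ihl"}
    if flags_frag & DF and flags_frag & MF:
        found.add("df+mf")                 # "don't fragment" set on a fragment
    payload = packet[ihl:min(total_len, len(packet))]
    if packet[9] != 6 or flags_frag & 0x1FFF:
        return found                       # not TCP, or not the first fragment
    if len(payload) < 20:
        found.add("tcp-header-truncated")  # ports may be absent entirely
        return found
    sport, dport = struct.unpack("!HH", payload[:4])
    header_len = (payload[12] >> 4) * 4    # TCP data offset in bytes
    if sport == 0 and dport == 0:
        found.add("ports-zero")
    if header_len == 20:
        found.add("no-tcp-options")
    if len(payload) <= header_len:
        found.add("no-tcp-payload")
    return found

def matches_report(packet):
    """True when a packet fits the description in the post."""
    a = anomalies(packet)
    described = {"ports-zero", "no-tcp-options", "no-tcp-payload"}
    return "df+mf" in a and (described <= a or "tcp-header-truncated" in a)

SAMPLES = {   # all constructed for this example
    "reported": ipv4(DF | MF, tcp(0, 0)),
    "empty": ipv4(DF | MF, b""),
    "normal-syn": ipv4(DF, tcp(49152, 80, flags=0x02)),
    "udp-fragment": ipv4(MF, b"\x00" * 32, proto=17),
}
```

Running `matches_report` over captured packets grouped by source address would show whether the one-or-two-per-source pattern from the post holds on another network.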

