Security Incidents mailing list archives

packets with reserved bits set on


From: Vitaly Osipov <vos () TELENOR CZ>
Date: Fri, 8 Sep 2000 14:36:35 +0200

Hi all,

Each day I get some weird packets coming to logs :) Sometimes it is a really
difficult task to figure out what's happening... So I was wondering for some
time what the following thing could be -

Aug 22 16:37:09 194.24.254.24:53 -> 195.22.32.22:1026 UDP

08/22-16:37:14.530505 0:90:F2:55:F0:0 -> 0:60:8:CE:FC:C1 type:0x800 len:0x4A
194.24.254.24:4556 -> 195.22.32.22:113 TCP TTL:59 TOS:0x0 ID:0 DF
21S***** Seq: 0x494ED4AF Ack: 0x0 Win: 0x16D0
TCP Options => MSS: 1460 SackOK TS: 60856195 0 NOP WS: 0

08/22-16:59:26.047488 0:90:F2:55:F0:0 -> 0:60:8:CE:FC:C1 type:0x800 len:0x4A
194.24.254.24:4591 -> 195.22.32.22:113 TCP TTL:59 TOS:0x0 ID:0 DF
21S***** Seq: 0x9C8CA359 Ack: 0x0 Win: 0x16D0
TCP Options => MSS: 1460 SackOK TS: 60989356 0 NOP WS: 0

08/24-16:30:52.295807 0:90:F2:55:F0:0 -> 0:60:8:CE:FC:C1 type:0x800 len:0x4A
194.24.254.24:2185 -> 195.22.32.22:113 TCP TTL:59 TOS:0x0 ID:0 DF
21S***** Seq: 0xAC7E5573 Ack: 0x0 Win: 0x16D0
TCP Options => MSS: 1460 SackOK TS: 78099087 0 NOP WS: 0

etc. Both source and destination are nameservers, 194.24.254.24 running
bind "8.2.2-P5-NOESW" (at least it says so when asked for version.bind). I
just wonder why it has some reserved bits set? Is it some feature of their
bind? (probably not) I asked the sysadmin of that host - he said it will be
checked, but no reply since then.

regards,
Vitaly.
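
As an added example (not part of the original post), this Python script scans Snort-style packet log entries like those quoted above and reports the TCP packets whose flag field carries the reserved-bit markers `1` or `2`. The labels `RES1`/`RES2`, the function names and the second sample entry are assumptions made for illustration.

```python
import re

# Snort prints one character per TCP flag and '*' for a flag that is clear;
# '1' and '2' mark the two reserved bits. RES1/RES2 are labels chosen here.
FLAG_NAMES = {"1": "RES1", "2": "RES2", "U": "URG", "A": "ACK",
              "P": "PSH", "R": "RST", "S": "SYN", "F": "FIN"}
RESERVED = {"RES1", "RES2"}

ADDR_RE = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+) TCP\b")
FLAGS_RE = re.compile(r"^([12UAPRSF*]{8}) Seq: ")

def decode_flags(field):
    """Return the set of flag names present in an 8-character flag field."""
    # Decoded by character, not position, so the column order does not matter.
    return {FLAG_NAMES[c] for c in field if c != "*"}

def reserved_bit_packets(log_text):
    """Return (src, sport, dst, dport, flags) for TCP entries with a reserved bit set."""
    hits, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = ADDR_RE.match(line)
        if m:  # address line: remember the endpoints until the flag line
            current = (m.group(1), int(m.group(2)), m.group(3), int(m.group(4)))
            continue
        m = FLAGS_RE.match(line)
        if m and current:
            flags = decode_flags(m.group(1))
            if flags & RESERVED:
                hits.append(current + (sorted(flags),))
            current = None
    return hits

# First entry is copied from the post; the second is constructed (plain SYN).
SAMPLE = """\
08/22-16:37:14.530505 0:90:F2:55:F0:0 -> 0:60:8:CE:FC:C1 type:0x800 len:0x4A
194.24.254.24:4556 -> 195.22.32.22:113 TCP TTL:59 TOS:0x0 ID:0 DF
21S***** Seq: 0x494ED4AF Ack: 0x0 Win: 0x16D0
TCP Options => MSS: 1460 SackOK TS: 60856195 0 NOP WS: 0

08/22-16:40:00.000000 0:90:F2:55:F0:0 -> 0:60:8:CE:FC:C1 type:0x800 len:0x4A
192.0.2.10:3000 -> 195.22.32.22:113 TCP TTL:59 TOS:0x0 ID:0 DF
**S***** Seq: 0x11111111 Ack: 0x0 Win: 0x16D0
"""

if __name__ == "__main__":
    for hit in reserved_bit_packets(SAMPLE):
        print(hit)
```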

