Re: Another odd scan...

[Muhammad Faisal Rauf Danka <mfrd () attitudex com>]

well CRW is Congestion Window Reduced and ECN is Explicit Congestion 
Notification in TCP/IP headers.

TCP inclused a 6 bit reserved field for future use as defined in RFC 
793, 2 of those six reserved fields to be used for ECN purposes as 
defined in RFC 3168.

8th bit=   CWR (Congestion Window Reduced)
9th bit=   ECE (ECN-Echo)      

hope it helps... =)
 
references = RFC 793 and 3168.

Regards, 
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk


--- message from Adam Young <adam () vbfx com> attached:

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

_____________________________________________________________
Promote your group and strengthen ties to your members with email () yourgroup org by Everyone.net  
http://www.everyone.net/?btn=tag

--- Begin Message --- From: Adam Young <adam () vbfx com>
Date: Thu, 11 Jul 2002 21:56:35 -0400

--SNIP--
Jul 11 21:52:48 element kernel: (catch-all logging):: IN=eth0 OUT= MAC=*
SRC=80.97.2.93 DST=24.215.x.y LEN=60 TOS=0x00 PREC=0x00 TTL=34 ID=64252
DF PROTO=TCP SPT=33124 DPT=77 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0 
--SNIP--

        I got this for about 2 minutes, every 20 seconds or so, I just thought
it especially weird with "CWR ECE SYN", looking as to what the meaning
of this is.

        Any help is appreciated greatly,

                Adam

Attachment: _bin
Description:

--- End Message ---

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com