Fragmented port-0 (nmap) scan, with fragmentation enabled?? Just a thought. ----------------------------------------| Ralph M. Los Sr. Security Consultant and Trainer EnterEdge Technology, L.L.C. rlosat_private (770) 955-9899 x.206 ----------------------------------------| ::-----Original Message----- ::From: jamie@jamie-sue.org [mailto:jamie@jamie-sue.org] ::Sent: Thursday, February 28, 2002 12:57 PM ::To: incidentsat_private ::Subject: Suspect short first fragment? :: :: :: :: ::I got several of these messages in my syslogd logs - ::I'm using Redhat 7.1 :: :: any idea? Is this an attack? :: :: Suspect short first fragment. :: eth0 PROTO=17 212.15.64.83:0 ::200.186.111.146:0 L=20 S=0x00 I=40960 F=0x4000 ::T=116 :: (#0) :: ::-------------------------------------------------------------- ::-------------- ::This list is provided by the SecurityFocus ARIS analyzer ::service. For more information on this free incident handling, ::management ::and tracking system please see: http://aris.securityfocus.com :: :: ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Feb 28 2002 - 12:01:59 PST