Re: Another odd scan...

From: Muhammad Faisal Rauf Danka (mfrdat_private)
Date: Sat Jul 13 2002 - 13:30:10 PDT

Next message: Buddy Nahay: "Re: Ideas? Port 21 SYNs, slow"

Previous message: Bubsy: "Re: Ideas? Port 21 SYNs, slow"
Maybe in reply to: Adam Young: "Another odd scan..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) well CRW is Congestion Window Reduced and ECN is Explicit Congestion Notification in TCP/IP headers. TCP inclused a 6 bit reserved field for future use as defined in RFC 793, 2 of those six reserved fields to be used for ECN purposes as defined in RFC 3168. 8th bit= CWR (Congestion Window Reduced) 9th bit= ECE (ECN-Echo) hope it helps... =) references = RFC 793 and 3168. Regards, --------- Muhammad Faisal Rauf Danka Chief Technology Officer Gem Internet Services (Pvt) Ltd. web: www.gem.net.pk --- message from Adam Young <adamat_private> attached: _____________________________________________________________ --------------------------- [ATTITUDEX.COM] http://www.attitudex.com/ --------------------------- _____________________________________________________________ Promote your group and strengthen ties to your members with emailat_private by Everyone.net http://www.everyone.net/?btn=tag

attached mail follows:

('binary' encoding is not supported, stored as-is) --SNIP-- Jul 11 21:52:48 element kernel: (catch-all logging):: IN=eth0 OUT= MAC=* SRC=80.97.2.93 DST=24.215.x.y LEN=60 TOS=0x00 PREC=0x00 TTL=34 ID=64252 DF PROTO=TCP SPT=33124 DPT=77 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0 --SNIP-- I got this for about 2 minutes, every 20 seconds or so, I just thought it especially weird with "CWR ECE SYN", looking as to what the meaning of this is. Any help is appreciated greatly, Adam

application/pgp-signature attachment: stored

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

Next message: Buddy Nahay: "Re: Ideas? Port 21 SYNs, slow"
Previous message: Bubsy: "Re: Ideas? Port 21 SYNs, slow"
Maybe in reply to: Adam Young: "Another odd scan..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jul 13 2002 - 19:55:41 PDT