Friday, March 02, 2007

Deformed TCP Options - Got Packets?

I got this article from SANS. This is about TCP packet analysis. The analysis said that scan maybe to probe firewall configuration, but it seem the level of crafting involved would be overkilled. I'm still new in packet analysis. I think i sould improve my knowledge aabout TCP packet attack.


~ayoi~ said...

I think Richard Bejtlich did mention regarding this incidents in his blog and I tend to agree. 1st, the so called "attacker" is mereley replying to the source (notice the SYN.ACK flags?) It just answering syn packet from the source. Also another way is by asking the owner of the "attacker". He might give an appropriate answer.

Richard Bejtlich said...


please read this.

Johncrackernet said...

Thanks Ayoi and Richard!!