Low Level Enumeration with ECE/CWR

From: xterrabart@comcast.net
Date: Mon Mar 01 2004 - 11:04:55 EST


Joe,

I have seen this in the wild a few times. The extra two "reserved" bits have been used to perform, IMHO, some sort of low level scan as you are suggesting. I personally have never done this, but seeing these packets coming across the wire with no relevance to any other established connection, I have to assume they were related to some sort of recon. Unfortunately, that's about all I can honestly tell you about these bits... I don't know how they would solicit a useful response, but I am sure they can be used somehow.

I would be curious as well to see if anyone else has seen this in the wild.
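
The observation in the message above (ECE/CWR-flagged packets that belong to no established connection) can be checked for passively. The following is an added example, not part of the original message: it tracks handshakes as RFC 3168 defines ECN negotiation and reports segments carrying ECE or CWR on flows that never negotiated ECN. The function names, the flow-tracking approach and the sample packets (documentation address ranges) are constructed for illustration, and the sensor is assumed to see both directions of each flow.

```python
import struct

# TCP flag bits (header byte 13); CWR/ECE are the former reserved bits (RFC 3168).
SYN, ACK, ECE, CWR = 0x02, 0x10, 0x40, 0x80

def tcp_header(sport, dport, flags):
    """Build a minimal 20-byte TCP header (used only for the constructed sample)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

def find_stray_ecn(packets):
    """packets: iterable of (src_ip, dst_ip, raw_tcp_header) in capture order.
    Returns (src, sport, dst, dport, reason) for ECE/CWR outside an ECN flow."""
    flows, alerts = {}, []   # flow -> "offered" | "plain" | "ecn"
    for src, dst, raw in packets:
        if len(raw) < 20:
            continue                      # truncated header, nothing to inspect
        sport, dport = struct.unpack("!HH", raw[:4])
        flags = raw[13]
        ecn = flags & (ECE | CWR)
        flow = frozenset([(src, sport), (dst, dport)])
        if flags & SYN and not flags & ACK:   # initial SYN; ECN offer sets both bits
            flows[flow] = "offered" if ecn == (ECE | CWR) else "plain"
            continue
        state = flows.get(flow)
        if flags & SYN and state == "offered" and ecn == ECE:
            flows[flow] = "ecn"           # ECN-setup SYN-ACK: ECE set, CWR clear
            continue
        if flags & SYN and state is not None and not ecn:
            flows[flow] = "plain"         # ordinary SYN-ACK, ECN declined
            continue
        if ecn and state != "ecn":
            reason = "no tracked connection" if state is None else "ECN not negotiated"
            alerts.append((src, sport, dst, dport, reason))
    return alerts

# Constructed sample traffic (documentation address ranges).
C1, C2, X, S = "192.0.2.10", "192.0.2.20", "203.0.113.9", "198.51.100.5"
SAMPLE = [
    (C1, S, tcp_header(40000, 80, SYN | ECE | CWR)),   # ECN offered
    (S, C1, tcp_header(80, 40000, SYN | ACK | ECE)),   # ECN accepted
    (S, C1, tcp_header(80, 40000, ACK | ECE)),         # legitimate congestion echo
    (C1, S, tcp_header(40000, 80, ACK | CWR)),         # legitimate response
    (C2, S, tcp_header(41000, 443, SYN)),              # plain handshake
    (S, C2, tcp_header(443, 41000, SYN | ACK)),
    (C2, S, tcp_header(41000, 443, ACK | ECE)),        # ECE without negotiation
    (X, S, tcp_header(5555, 22, ECE | CWR)),           # no connection at all
]

if __name__ == "__main__":
    print(*find_stray_ecn(SAMPLE), sep="\n")
```

The flow table here never expires entries; a long-running sensor would also drop state on FIN/RST or after an idle timeout.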




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:49 EDT