Re: Another odd scan...

From: Muhammad Faisal Rauf Danka (mfrd@attitudex.com)
Date: 07/13/02

Previous message: Bubsy: "Re: Ideas? Port 21 SYNs, slow"
Maybe in reply to: Adam Young: "Another odd scan..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 13 Jul 2002 13:30:10 -0700 (PDT)
From: Muhammad Faisal Rauf Danka <mfrd@attitudex.com>
To: incidents@securityfocus.com

('binary' encoding is not supported, stored as-is)

well CRW is Congestion Window Reduced and ECN is Explicit Congestion
Notification in TCP/IP headers.

TCP inclused a 6 bit reserved field for future use as defined in RFC
793, 2 of those six reserved fields to be used for ECN purposes as
defined in RFC 3168.

8th bit= CWR (Congestion Window Reduced)
9th bit= ECE (ECN-Echo)

hope it helps... =)

references = RFC 793 and 3168.

Regards,
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk

--- message from Adam Young <adam@vbfx.com> attached:

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

_____________________________________________________________
Promote your group and strengthen ties to your members with email@yourgroup.org by Everyone.net http://www.everyone.net/?btn=tag

attached mail follows:

('binary' encoding is not supported, stored as-is)

Date: Thu, 11 Jul 2002 21:56:35 -0400
From: Adam Young <adam@vbfx.com>
To: incidents@securityfocus.com

--SNIP--
Jul 11 21:52:48 element kernel: (catch-all logging):: IN=eth0 OUT= MAC=*
SRC=80.97.2.93 DST=24.215.x.y LEN=60 TOS=0x00 PREC=0x00 TTL=34 ID=64252
DF PROTO=TCP SPT=33124 DPT=77 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0
--SNIP--

I got this for about 2 minutes, every 20 seconds or so, I just thought
it especially weird with "CWR ECE SYN", looking as to what the meaning
of this is.

Any help is appreciated greatly,

Adam

application/pgp-signature attachment: stored

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Previous message: Bubsy: "Re: Ideas? Port 21 SYNs, slow"
Maybe in reply to: Adam Young: "Another odd scan..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]