[Dshield] Weird scanning, weird ports, weird TCP flags..

John Sage jsage at finchhaven.com
Fri Oct 24 15:25:10 GMT 2003

in re: /8 et al...

On Fri, Oct 24, 2003 at 08:12:31AM -0500, Nick Harley wrote:
> I guess I never thought of that as a valid network, only a local
> broadcast. I learn something new every day. :)
> >>> "Brian Coyle" <brian at linuxwidows.com> 10/23/2003 9:12:32 PM >>>
> Hash: SHA1

/* snip */

> > but I don't understand what 126/8 is. I
> > had assumed that this would mean 126.x.x.x/8 
> That's exactly what it means.
> > but that wouldn't fit with 0/8 0.x.x.x/8.
> Why not?   If a worm or tool crafts packets (invalid or not) with 
> the first eight bits set to zero, that's 0/8...

/* snip */

A useful tool for fiddling with such nonsense:


Available in command line form:


and presents a pretty html face:


Works well, and is less filling.

- John
"Most people don't type their own logfiles;  but, what do I care?"
John Sage: InfoSec Groupie
ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
ATTENTION: this entire message is privileged communication, intended
for the sole use of its recipients only. If you read it even though
you know you aren't supposed to, you're a poopy-head.

More information about the list mailing list