[Dshield] tcp options

Dave Garn dgarn at crucialsecurity.com
Wed Jan 25 16:27:07 GMT 2006


Valdis.Kletnieks at vt.edu wrote:
> Oddness.
> IANA has only issued numbers 0 through 26 for TCP options:
> http://www.iana.org/assignments/tcp-parameters

Indeed.  That's why I'm not sure what it is.  It certainly looks 
non-standard.  As far as whether it's "crafted" or not, I guess that 
would depend on what we know about the source host, which isn't much.

It would also be interesting to know what the destination host did with 
the packet.  I see the two examples were attempts to start a 3-way 
handshake with what is presumably a web server (port tcp/80).

______________________
Dave Garn
Security Engineer
Crucial Security, Inc.


More information about the list mailing list