[Dshield] tcp options
dgarn at crucialsecurity.com
Wed Jan 25 16:27:07 GMT 2006
Valdis.Kletnieks at vt.edu wrote:
> IANA has only issued numbers 0 through 26 for TCP options:
Indeed. That's why I'm not sure what it is. It certainly looks
non-standard. As far as whether it's "crafted" or not, I guess that
would depend on what we know about the source host, which isn't much.
It would also be interesting to know what the destination host did with
the packet. I see the two examples were attempts to start a 3-way
handshake with what is presumably a web server (port tcp/80).
Crucial Security, Inc.
More information about the list