
They should always just use Shodan.
https://www.shodan.io/explore

On 4 April 2016 at 05:54, Brandon Vincent <Brandon.Vincent@asu.edu> wrote:

On Thu, Mar 31, 2016 at 4:41 AM, DV <iamzam@gmail.com> wrote:

I have noticed this and especially the strange format of the packets with a SYN/ECE/CWR flag combination: http://pastebin.com/jFCDAmdr

This may be $whoever trying to establish network performance/congestion via ECN or it could be something else like a fast scan technique or OS fingerprinting.

It's OS fingerprinting. Targeted attacks are far more productive. If I'm trying to get into an organization, I'd much rather be interested in Juniper ScreenOS than someone's personal *nix machine.

Brandon Vincent
-- BaconZombie 55:55:44:44:4C:52:4C:52:42:41 LOAD "*",8,1
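
The thread above leaves two readings of a SYN/ECE/CWR segment open: ECN negotiation or fingerprinting. The following is an added example, not part of the original thread, showing how a defender could triage such a segment from a capture. It relies on the fact that an RFC 3168 ECN-setup SYN carries the same three flags, so the flags alone do not decide it; the function name, verdict labels and sample header values are constructed for illustration.

```python
import struct

# TCP flag bits in byte 13 of the header (RFC 793, extended by RFC 3168).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
         "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}

def classify_syn(tcp_header: bytes) -> dict:
    """Decode a raw TCP header and triage a SYN/ECE/CWR segment."""
    if len(tcp_header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    (_sport, _dport, _seq, ack, off_res, flag_byte,
     _window, _csum, urg_ptr) = struct.unpack("!HHIIBBHHH", tcp_header[:20])
    flags = {name for name, bit in FLAGS.items() if flag_byte & bit}

    # Fields a normal ECN-setup SYN leaves at zero.
    anomalies = []
    if off_res & 0x0F:                      # low nibble of byte 12: reserved bits
        anomalies.append("reserved bits set")
    if urg_ptr and "URG" not in flags:
        anomalies.append("urgent pointer without URG")
    if ack and "ACK" not in flags:
        anomalies.append("ack number without ACK")

    if flags != {"SYN", "ECE", "CWR"}:
        verdict = "other"
    elif anomalies:
        verdict = "probe-like"              # same flags, but malformed fields
    else:
        verdict = "ecn-setup"               # consistent with RFC 3168 negotiation
    return {"flags": sorted(flags), "anomalies": anomalies, "verdict": verdict}

def build_header(flag_byte: int, reserved: int = 0, urg_ptr: int = 0) -> bytes:
    """Constructed sample header: ports, sequence and window are made up."""
    return struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                       (5 << 4) | reserved, flag_byte, 8192, 0, urg_ptr)

# Constructed samples (not taken from the pastebin referenced in the thread).
CLEAN_ECN_SYN = build_header(0xC2)                          # SYN|ECE|CWR only
ODD_ECN_SYN = build_header(0xC2, reserved=0x1, urg_ptr=0x1234)
PLAIN_SYN = build_header(0x02)

if __name__ == "__main__":
    for name, hdr in [("clean", CLEAN_ECN_SYN), ("odd", ODD_ECN_SYN),
                      ("plain", PLAIN_SYN)]:
        print(name, classify_syn(hdr))
```
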