3 Apr
2016
3 Apr
'16
11:54 p.m.
On Thu, Mar 31, 2016 at 4:41 AM, DV <iamzam@gmail.com> wrote:
I have noticed this and especially the strange format of the packets with a SYN/ECE/CWR flag combination: http://pastebin.com/jFCDAmdr
This may be $whoever trying to establish network performance/congestion via ECN or it could be something else like a fast scan technique or OS fingerprinting
It's OS fingerprinting. Targeted attacks are far more productive. If I'm trying to get into an organization, I'd much rather be interested in Juniper ScreenOS than someone's personal *nix machine. Brandon Vincent