Last Updated: 2009-10-24 02:04:21 UTC
by Marcus Sachs (Version: 1)
In case you did not notice, the DShield system is going nuts with reports on tcp/0. Stephen Hall wrote a nice Cyber Security Awareness Month diary on the subject of tcp/0 earlier this month. Did the bad guys read it and start launching probes? Is it Akamai or some other caching service? If you can do some full packet captures of any tcp/0 traffic hitting your firewalls let us know what you find out. Send us your analysis via our contact page.
Marcus H. Sachs
Director, SANS Internet Storm Center