SANS ISC: InfoSec Handlers Diary Blog



What's with tcp/0?

Published: 2009-10-24
Last Updated: 2009-10-24 02:04:21 UTC
by Marcus Sachs (Version: 1)

In case you did not notice, the DShield system is going nuts with reports on tcp/0. Stephen Hall wrote a nice Cyber Security Awareness Month diary on the subject of tcp/0 earlier this month. Did the bad guys read it and start launching probes? Is it Akamai or some other caching service? If you can do some full packet captures of any tcp/0 traffic hitting your firewalls, let us know what you find out. Send us your analysis via our contact page.

Marcus H. Sachs
Director, SANS Internet Storm Center
