2000313

	TCP OS fingerprint
advICE :Intrusions : 2000313

FAQ

Oh my gosh, I'm being HACKED!!!

How do I report the hacker to my ISP?

I'm seeing lots of attacks, is this normal?

Summary
Attacker sends unusual combination of TCP flags to see how the system responds.
Details
The attacker is trying to identify the victim's operating system. This information can then help the attacker determine which weaknesses exist on that system, and provides valuable information to assist in further attacks.

more information

advICE: fingerprint
Article on TCP/IP fingerprinting

parametric information

port The TCP destination port

flags The TCP flags from the offending frame. The flags are: S (SYN), F (FIN), R (RESET), P (PUSH), A (ACK), U (URGENT), 4 (low-order unused bit), 8 (high-order unused bit)

options The TCP options from the offending frame. The options are displayed as "option-value", separated by commas. No-ops are not displayed

 
Version appeared: 1.8.6

TCP OS fingerprint