Internet Security Systems

TCP small segment size

advICE: Intrusions: 2000316

Summary

The intruder is purposely requesting an unusually small TCP segment size.

Details

There is almost never a legitimate reason to request such a small segment size on the Internet. During the early days of the Internet, small segment sizes were used, but today there is virtually no equipment that requires it.

The intruder may be trying to force a firewall or router to behave in an unusual way. For example, this trick has been used to open up holes in certain firewalls, as discussed in detail below.

More information

BugtraqID: 979 Checkpoint FireWall-1 FTP Server Vulnerability
By sending a carefully crafted frame to an FTP server sitting behind a firewall, the intruder can cause the firewall to open a port of the intruder's choosing.

Parametric information

port: The TCP destination port.
flags: The TCP flags from the offending frame. The flags are: S (SYN), F (FIN), R (RESET), P (PUSH), A (ACK), U (URGENT), 4 (low-order unused bit), 8 (high-order unused bit).
options: The TCP options from the offending frame. The options are displayed as "option-value", separated by commas. No-ops are not displayed.
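The check described above can be sketched as follows. This is an added example, not code from Internet Security Systems or the product: it parses a raw TCP header, flags a small maximum segment size option, and reports the port, flags and options parameters in the form listed above. The 256-byte cutoff, the option labels (mss, wscale, and so on) and the sample frame are assumptions made for the example.

```python
import struct

# Assumed cutoff: the page does not state the value the signature uses.
MSS_THRESHOLD = 256
# Flag letters in the order the page lists them; 4 and 8 are the two unused bits.
FLAG_LETTERS = [(0x02, "S"), (0x01, "F"), (0x04, "R"), (0x08, "P"),
                (0x10, "A"), (0x20, "U"), (0x40, "4"), (0x80, "8")]
OPTION_NAMES = {2: "mss", 3: "wscale", 4: "sackok", 8: "timestamp"}  # labels chosen here

def parse_options(raw):
    """Walk the TCP option list; return [(kind, value_bytes)], skipping no-ops."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # no-op padding, not reported
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            break                          # truncated or malformed length
        length = raw[i + 1]
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts

def inspect_segment(tcp):
    """Return port/flags/options for a segment whose MSS is below the cutoff, else None."""
    if len(tcp) < 20:
        return None
    _, dport, _, _, off_byte, flags = struct.unpack("!HHIIBB", tcp[:14])
    header_len = (off_byte >> 4) * 4
    if header_len < 20 or header_len > len(tcp):
        return None
    opts = parse_options(tcp[20:header_len])
    mss = next((int.from_bytes(v, "big") for k, v in opts if k == 2 and len(v) == 2), None)
    if mss is None or mss >= MSS_THRESHOLD:
        return None
    return {
        "port": dport,
        "flags": "".join(letter for bit, letter in FLAG_LETTERS if flags & bit),
        "options": ",".join(f"{OPTION_NAMES.get(k, k)}-{int.from_bytes(v, 'big')}" for k, v in opts),
    }

# Constructed sample: SYN to port 21 carrying MSS=64, a no-op, and window scale 0.
SAMPLE_SYN = (struct.pack("!HHIIBBHHH", 40000, 21, 1, 0, 7 << 4, 0x02, 8192, 0, 0)
              + bytes([2, 4, 0, 64, 1, 3, 3, 0]))
print(inspect_segment(SAMPLE_SYN))
```
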

 
Version appeared: 2.1 
