Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Internet Security | DShield SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
What's with tcp/0?

In case you did not notice, the DShield system is going nuts with reports on tcp/0.  Stephen Hall wrote a nice Cyber Security Awareness Month diary on the subject of tcp/0 earlier this month.  Did the bad guys read it and start launching probes?  Is it Akamai or some other caching service?  If you can do some full packet captures of any tcp/0 traffic hitting your firewalls let us know what you find out.  Send us your analysis via our contact page.

Marcus H. Sachs
Director, SANS Internet Storm Center


301 Posts
ISC Handler
Oct 24th 2009

Sign Up for Free or Log In to start participating in the conversation!