tag:blogger.com,1999:blog-4088979.post1438041433898094371..comments2023-10-16T06:06:25.012-04:00Comments on TaoSecurity Blog: Nail in the TCP Options CoffinRichard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-4088979.post-4879348437085577272007-04-19T22:31:00.000-04:002007-04-19T22:31:00.000-04:00I am seeing some SYN packets with TCP options > 0x...I am seeing some SYN packets with TCP options > 0x1B but also aligned on 4 byte boundaries. These packets I think are crafted rather than back scatter. <BR/><BR/>I agree with you that one should not always jump to packet conspiracy as there has been plenty of examples related to poor coding that corrupts TCP traffic.Joff Thyerhttps://www.blogger.com/profile/04877713852105803116noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-90135597426810450232007-03-20T01:02:00.000-04:002007-03-20T01:02:00.000-04:00Most people like to jump to conclusions when they ...Most people like to jump to conclusions when they first see something. I've seen people look at NOOP sled alerts from snort and suggest they were real buffer overflow attacks, when in fact, they were false alerts generated from checking encrypted yahoo webmail. *sigh*Anonymousnoreply@blogger.com