On Thu, Mar 31, 2016 at 4:41 AM, DV <iam...@gmail.com> wrote: > I have noticed this and especially the strange format of the packets with a > SYN/ECE/CWR flag combination: http://pastebin.com/jFCDAmdr > > This may be $whoever trying to establish network performance/congestion via > ECN or it could be something else like a fast scan technique or OS > fingerprinting
It's OS fingerprinting. Targeted attacks are far more productive. If I'm trying to get into an organization, I'd much rather be interested in Juniper ScreenOS than someone's personal *nix machine. Brandon Vincent