undefined | Better HN

0 pointstyingq4y ago0 comments

His dump of packets shows an MSS of 1380 versus the more common default 1460, which sounds like it's coming from something with tunneled traffic. MSS 1380 would correspond to a source MTU of 1420, which is a typical default for a GRE tunnel in IPv4sec Tunnel mode. Pretty sure that's what WARP is.

0 comments

jpgvm4y ago

WARP is Wireguard but yeah, otherwise this is pretty much on point. Traffic is tunneled, likely just a random WARP user abusing Cloudflares free VPN service to do some scanning.

tyingqOP4y ago

Ah, okay. Google searches suggests the default MTU on Wireguard is also 1420, which would produce an MSS of 1380. So that makes sense.

j / k navigate · click thread line to collapse

0 pointstyingq4y ago0 comments

0 comments

jpgvm4y ago

WARP is Wireguard but yeah, otherwise this is pretty much on point. Traffic is tunneled, likely just a random WARP user abusing Cloudflares free VPN service to do some scanning.

tyingqOP4y ago

Ah, okay. Google searches suggests the default MTU on Wireguard is also 1420, which would produce an MSS of 1380. So that makes sense.

j / k navigate · click thread line to collapse