Hello, I have found in traffic traces a strange phénomena that I can't explained. The traffic comes from the repository mawilab. Among this traffic I have a strange thing. There is an http server (216.118.180.205 ) which sends only TCP packets with the RSt ACK flag. I wonder why its does such a thing. Why does it send these packets ? Here is a screenshot of this strange phenomena. It shows the traffic from and to the HTTP server. My question is why does it do such a thing. Is it an anomaly, a bug of the server, an attack ?...
Thaks in advance for any answer asked 06 Feb '15, 05:57  district9 |
One Answer:
Without a more detailed description of the origin of the capture file it's hard to tell what this is. It could be a TCP reset attack, although the information here is a bit limited. answered 09 Feb '15, 04:01  Jaap ♦ |
What is the "repository mawilab"?
BTW: Are you sure you are seeing the whole traffic while capturing the frames? Where and how did you capture that traffic?