IDS mailing list archives
TCP ACK/RST packets with data in the Reset Cause
From: Mike Gibson <micheal.gibson () gmail com>
Date: Tue, 10 Jan 2006 11:06:03 -0500
Has anyone ever seen TCP RST packets being sent from clients to web server with a "Reset Cause" containing the HTML that was in the packet that they are responding to? For example a browser client is getting a 404 error returned from my webserver but right after this I am seeing a CP ACK/RST packet from the client with the 404 HTML in the packet. When I look at the packet in Ethereal it shows the HTML in a field called "Reset cause". These packets are causing my IDS to go nuts. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- TCP ACK/RST packets with data in the Reset Cause Mike Gibson (Jan 10)
- Re: TCP ACK/RST packets with data in the Reset Cause Mike Frantzen (Jan 11)
- <Possible follow-ups>
- RE: TCP ACK/RST packets with data in the Reset Cause Palmer, Paul (ISSAtlanta) (Jan 11)