Monday, February 22, 2021

Why would I receive dozens of RST/ACK packets without any other packets in the normal TCP handshake?

Over the span of a few days I have noticed dozens of RST/ACK packets all originating from different IP addresses and directed towards all different IP addresses on my network. There were no initial requests by my network to these unknown IP addresses. They are all coming from, and going to what seem like completely random ports (not just ephemeral though, a mixture of low/high source ports and low/high destination ports).

Is there some sort RST/ACK attack or scanning technique going on here? I'm not sure about scanning since I don't believe an IP address would respond to a random RST/ACK but I could be wrong. Googling it hasn't been helpful so I'm interested in any additional insight someone on here might be able to provide.



No comments:

Post a Comment