How about a networking question with tcpdump output ... #32

Open
@figtrap

Here's one:

Can you describe what has most likely happened in the
following (abbreviated) network conversation? Is this behaviour likely to be caused
by the server configuration, or a network firewall? Why?

14:54:52.437735 IP client.42458 > server.21: Flags [S], seq 1684654810, win 14600, options [mss 1460,sackOK,TS val 145488717 ecr 0,nop,wscale 7], length 0
14:54:52.437768 IP server.21 > client.42458: Flags [S.], seq 4232260733, ack 1684654811, win 14480, options [mss 1460,sackOK,TS val 280783227 ecr 145488717,nop,wscale 7], length 0
14:54:52.438533 IP client.42458 > server.21: Flags [.], ack 1, win 115, options [nop,nop,TS val 145488717 ecr 280783227], length 0
14:54:57.440473 IP server.21 > client.42458: Flags [F.], seq 1, ack 1, win 114, options [nop,nop,TS val 280784478 ecr 145488717], length 0
14:54:57.441246 IP client.42458 > server.21: Flags [F.], seq 1, ack 2, win 115, options [nop,nop,TS val 145489968 ecr 280784478], length 0
14:54:57.441264 IP server.21 > client.42458: Flags [.], ack 2, win 114, options [nop,nop,TS val 280784478 ecr 145489968], length 0

Answer: it's highly unlikely a network firewall did this, as it contains a FIN/ACK close sequence and the typical behaviour is to simply drop the packet. It is most likely this is caused by tcpwrappers on the target host (/etc/hosts.allow, /etc/hosts.deny).
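Added example, not part of the original issue: a small Python triage script that extracts the facts the question turns on (was the handshake completed, was any payload sent, who closed first and after how long) from tcpdump text output. The function names `parse` and `classify` and the verdict labels are hypothetical; the sample is the capture from the post with the TCP options trimmed.

```python
import re
from datetime import datetime

LINE = re.compile(r"^(\S+) IP (\S+) > (\S+): Flags \[([^\]]+)\].*length (\d+)")

# The six packets from the post, with the TCP options trimmed for width.
CAPTURE = """\
14:54:52.437735 IP client.42458 > server.21: Flags [S], seq 1684654810, win 14600, length 0
14:54:52.437768 IP server.21 > client.42458: Flags [S.], seq 4232260733, ack 1684654811, win 14480, length 0
14:54:52.438533 IP client.42458 > server.21: Flags [.], ack 1, win 115, length 0
14:54:57.440473 IP server.21 > client.42458: Flags [F.], seq 1, ack 1, win 114, length 0
14:54:57.441246 IP client.42458 > server.21: Flags [F.], seq 1, ack 2, win 115, length 0
14:54:57.441264 IP server.21 > client.42458: Flags [.], ack 2, win 114, length 0
"""

def parse(text):
    """Turn tcpdump text lines into (time, src, dst, flags, length) tuples."""
    pkts = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
            pkts.append((ts, m.group(2), m.group(3), m.group(4), int(m.group(5))))
    return pkts

def classify(pkts):
    """Summarise how a single TCP connection attempt ended."""
    syn = next((p for p in pkts if p[3] == "S"), None)
    if syn is None:
        return {"verdict": "no-syn"}
    server = syn[2]
    synack = any(p[1] == server and p[3] == "S." for p in pkts)
    payload = sum(p[4] for p in pkts)
    end = next((p for p in pkts if "F" in p[3] or "R" in p[3]), None)
    info = {"payload": payload, "closer": end[1] if end else None, "idle": None}
    if end and pkts.index(end) > 0:  # seconds of silence before the first FIN/RST
        info["idle"] = (end[0] - pkts[pkts.index(end) - 1][0]).total_seconds()
    if not synack:
        # No SYN-ACK seen: the three-way handshake never completed.
        info["verdict"] = "reset-on-syn" if end and "R" in end[3] else "syn-unanswered"
    elif end and end[1] == server and "F" in end[3] and payload == 0:
        # Handshake completed, then an orderly server-side close with no data sent.
        info["verdict"] = "accepted-then-closed-by-server"
    else:
        info["verdict"] = "other"
    return info

if __name__ == "__main__":
    print(classify(parse(CAPTURE)))
```

For the capture in the post this reports a completed handshake, zero payload bytes, and a FIN from `server.21` after about five seconds of silence.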
