[Dshield] lots of fragmented & overlapping TCP packets directed at web server...

Andrew.Patrick@kemperinsurance.com Andrew.Patrick at kemperinsurance.com
Mon Oct 15 19:17:31 GMT 2001


My IDS is seeing LOTS of fragmented and overlapping TCP packets, all
directed at port 80 on one of my web servers.  There are no other negative
indicators, just fragmented and overlapping packets....

There are multiple sources, but they almost all seem to be community
colleges, or high schools, or other educational institutions.
Some of the source IPs have a few dings against them in DShield, but most
are totally clean.

Does anyone have any idea what might be causing this traffic??  Anyone else
seeing this sort of thing?

Andrew Patrick





More information about the list mailing list