Sensors and Troubleshooting › CA Network Flow Analysis Sensors › RST-Only Sources
RST-Only Sources
The RST-Only Sources sensor looks for the following types of connections:
- Hosts that send out RST TCP packets with no ACK packets to acknowledge an open connection to a server
- Servers that receive only RST packets from certain hosts with no ACK or SYN packets.
Troubleshooting an RST-Only Sources Alert
An alert from the RST-Only Sources sensor may indicate one of the following issues:
- A server that is running out of resources for an active application.
Investigate whether a server upgrade is needed.
- A server that has a previously active application, which has become inactive.
Try restarting associated application services.
- Users who are connecting to the wrong server.
Check for DNS issues and correct any issues that you find.
- A host that is the victim of port-scanning activity.
Identify and use the firewall or ACL to block the offending host from sending data on the network while you investigate.
Copyright © 2013 CA.
All rights reserved.
|
|