I have a MITM attack set up in my lab using the sslstrip/ettercap/FakeAP/DHCP3-server script created by Em3rgency (similar to Easy-creds).

The attack runs fine for a couple minutes. I signed on with my iPhone and was able to test a login or two, which showed up in the log as it should. But after a little bit of activity, I get this:


After which, the AP is no longer visible from client computers, and traffic no longer flows through the fake AP (webpages won't load, no more data is logged).

I spent a fair amount of time googling this, and so far, I found mention that this error may refer to when a user forcibly terminates their connection on their end; that it's nothing to worry about. That doesn't appear to be the case here. I'm all ears(eyes) if anyone has any suggestions.

This is a stock install of BT5r3 KDE x32 on a VM. I have run apt-get update/upgrade, and that's about it. Any ideas? Thanks.