Security Basics mailing list archives
How TCP handle (RST,SYN) at initial connection establishment
From: Lim Boon Ping <syseeker () yahoo com>
Date: Thu, 13 Jan 2005 04:20:23 -0800 (PST)
Hi,

I need some clarification on how TCP reacts to an incoming (RST, SYN) during the 3-way handshake process. In this case, the following assumptions are made:

(1) The attacker manages to conquer 1 router in front of the victim server.
(2) Instead of consuming server / bandwidth resources by flooding, the attacker would send (RST, SYN) or (RST, ACK) or simply RST upon receiving any SYN request towards the victim server.

RFC 793, p36, states the following:

"In all states except SYN-SENT, all reset (RST) segments are validated by checking their SEQ-fields [sequence numbers]. A reset is valid if its sequence number is in the window. In the SYN-SENT state (a RST received in response to an initial SYN), the RST is acceptable if the ACK field acknowledges the SYN."

My questions are:

1) According to RFC 793, an established TCP connection can be reset by sending suitable TCP packets with the (RST, SYN). During the connection establishment stage, does the client suffer the same risk? In the SYN-SENT state, what happens if the client receives a (RST, SYN) spoofed by the attacker with Source IP = victim server IP? Assume that in the (RST, SYN) packet, the ACK sequence number correctly acknowledges the client's SYN, but the TCP ACK flag is not set (can it be this way?).

2) At TCP connection establishment, can (RST, ACK) or simply RST flooding toward the client side avoid any connection request to the victim server?

=====
Best regards,
Boon Ping, Lim
---------------------------------------
Graduate Student
Multimedia University
Cyberjaya, Malaysia
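Added example (not part of the original post): a C model of the RFC 793 "SEGMENT ARRIVES" rules for the SYN-SENT state that the quoted passage summarises, run over constructed segments. The names syn_sent_input and classify, the ISS value 1000 and the sample segments are assumptions made for illustration; the security/precedence check is omitted and only RFC 793 is modelled.

```c
#include <stdint.h>
#include <stdio.h>

enum { F_SYN = 0x02, F_RST = 0x04, F_ACK = 0x10 };    /* TCP header flag bits */
enum action { DROP, SEND_RST, CONN_RESET, ESTABLISHED, SYN_RECEIVED };

struct tcb { uint32_t iss, snd_una, snd_nxt; };        /* client state in SYN-SENT */
struct seg { uint8_t flags; uint32_t seq, ack; };

/* a <= b in 32-bit sequence space (wraps modulo 2^32) */
static int seq_leq(uint32_t a, uint32_t b) { return (int32_t)(a - b) <= 0; }

/* RFC 793 SEGMENT ARRIVES, SYN-SENT state (security/precedence step omitted) */
enum action syn_sent_input(const struct tcb *t, const struct seg *s)
{
    int ack_ok = 0;
    if (s->flags & F_ACK) {                 /* first: check the ACK bit */
        if (seq_leq(s->ack, t->iss) || !seq_leq(s->ack, t->snd_nxt))
            return (s->flags & F_RST) ? DROP : SEND_RST;
        ack_ok = seq_leq(t->snd_una, s->ack);
    }                                       /* ACK bit clear: ack field is never read */
    if (s->flags & F_RST)                   /* second: check the RST bit */
        return ack_ok ? CONN_RESET : DROP;  /* RST without an acceptable ACK is dropped */
    if (s->flags & F_SYN)                   /* fourth: check the SYN bit */
        return ack_ok ? ESTABLISHED : SYN_RECEIVED;
    return DROP;                            /* fifth: neither SYN nor RST */
}

/* Constructed client: sent SYN with ISS=1000, so SND.UNA=1000, SND.NXT=1001 */
enum action classify(uint8_t flags, uint32_t ack)
{
    struct tcb t = { 1000, 1000, 1001 };
    struct seg s = { flags, 7000, ack };
    return syn_sent_input(&t, &s);
}

int main(void)
{
    static const char *name[] = { "drop", "send RST", "connection reset",
                                  "ESTABLISHED", "SYN-RECEIVED" };
    printf("RST|SYN, ack field=1001, no ACK bit: %s\n", name[classify(F_RST | F_SYN, 1001)]);
    printf("RST only:                            %s\n", name[classify(F_RST, 0)]);
    printf("RST|ACK, ack=1001:                   %s\n", name[classify(F_RST | F_ACK, 1001)]);
    printf("RST|ACK, ack=5000:                   %s\n", name[classify(F_RST | F_ACK, 5000)]);
    printf("SYN|ACK, ack=1001:                   %s\n", name[classify(F_SYN | F_ACK, 1001)]);
    return 0;
}
```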