Security Basics mailing list archives

How TCP handles (RST, SYN) at initial connection establishment


From: Lim Boon Ping <syseeker () yahoo com>
Date: Thu, 13 Jan 2005 04:20:23 -0800 (PST)

Hi,

I need some clarification on how TCP reacts to
incoming (RST, SYN) during the 3-way handshaking process.
In this case, assumptions are made such that

   (1) the attacker manages to conquer 1 router in front
of the victim server.

   (2) instead of consuming server / bandwidth
resources by flooding, the attacker would send (RST,
SYN) or (RST, ACK) or simply RST upon receiving any
SYN request towards the victim server.

RFC 793, p36, states the following:

"In all states except SYN-SENT, all reset (RST)
segments are validated by checking their SEQ-fields
[sequence numbers]. A reset is valid if its sequence
number is in the window. In the SYN-SENT state (a RST
received in response to an initial SYN), the RST is
acceptable if the ACK field acknowledges the SYN."

My questions are:

1) According to RFC 793, an established TCP connection
can be reset by sending suitable TCP packets with the
(RST, SYN). During the connection establishment stage,
does the client suffer the same risk?

In the SYN-SENT state, what happens if the client receives
a (RST, SYN) spoofed by the attacker with Source
IP=victim server IP? Assume that in the (RST, SYN)
packet, the ACK sequence number correctly acknowledges
the client's SYN, but the TCP ACK flag is not set (can it
be this way?).

2) At TCP connection establishment, can (RST, ACK) or
simply RST flooding toward the client side avoid any
connection request to the victim server?


=====
Best regards,
Boon Ping, Lim
---------------------------------------
Graduate Student
Multimedia University
Cyberjaya, Malaysia
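
The RFC 793 rule quoted in the post, modelled as an added example that is not part of the original message: the SYN-SENT checks from the RFC's "SEGMENT ARRIVES" procedure, applied to constructed segments. The function name, field names and sequence numbers are assumptions of this example.

```python
# Added illustration of RFC 793 "SEGMENT ARRIVES" processing in SYN-SENT.
# All names here are this example's own; no real TCP stack is being quoted.
from dataclasses import dataclass

MOD = 2 ** 32  # sequence numbers are 32-bit and wrap


@dataclass
class Segment:
    ack: int = 0            # value carried in the acknowledgment field
    ack_flag: bool = False  # ACK control bit
    rst: bool = False
    syn: bool = False


def syn_sent_receive(iss, snd_nxt, seg):
    """Action a client in SYN-SENT takes for one incoming segment."""
    acceptable = False
    if seg.ack_flag:  # first check: ACK bit
        # Acceptable when ISS < SEG.ACK <= SND.NXT, compared modulo 2**32.
        acceptable = (seg.ack - iss - 1) % MOD < (snd_nxt - iss) % MOD
        if not acceptable:
            return "drop" if seg.rst else "send RST, drop"
    if seg.rst:  # second check: RST bit
        # The ack field is only meaningful when the ACK bit is set, so a
        # RST without the ACK bit cannot acknowledge the SYN and is dropped.
        return "reset, enter CLOSED" if acceptable else "drop"
    # The third check (security/precedence) is omitted here.
    if seg.syn:  # fourth check: SYN bit
        return "ESTABLISHED" if acceptable else "SYN-RECEIVED"
    return "drop"  # fifth: neither SYN nor RST


# Constructed sample segments; the client sent SYN with ISS=1000, so SND.NXT=1001.
CASES = {
    "RST,SYN with ack field 1001 but ACK bit clear": Segment(ack=1001, rst=True, syn=True),
    "RST,ACK acknowledging the SYN": Segment(ack=1001, ack_flag=True, rst=True),
    "RST,ACK with a wrong ack number": Segment(ack=5000, ack_flag=True, rst=True),
    "SYN,ACK from the real server": Segment(ack=1001, ack_flag=True, syn=True),
}


def run_cases(iss=1000, snd_nxt=1001):
    return {name: syn_sent_receive(iss, snd_nxt, seg) for name, seg in CASES.items()}


if __name__ == "__main__":
    for name, action in run_cases().items():
        print(f"{name:48} -> {action}")
```

Because the RST check runs before the SYN check, a segment carrying RST, SYN and an acceptable ACK is treated as a reset under these rules.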


                