LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-13-2005, 06:38 AM   #1
syseeker
Member
 
Registered: Aug 2003
Posts: 66

Rep: Reputation: 15
How linux TCP handle (RST,SYN) at initial connection establishment


Hi,

I need some clarification on how TCP reacts to incoming (RST, SYN) during 3-way handshaking process.

RFC 793, p36, states the following:

"In all states except SYN-SENT, all reset (RST) segments are validated by checking their SEQ-fields [sequence numbers]. A reset is valid if its sequence number is in the window. In the SYN-SENT state (a RST received in response to an initial SYN), the RST is acceptable if the ACK field acknowledges the SYN."


My questions are:

1) According to RFC 793, an established TCP connection can be reset by sending suitable TCP packets with the (RST,SYN). During the connection establishment stage, does the client suffers the same risk?

At SYN-SENT state, if a good client is under attack by (RST, SYN) flood, does (RST, SYN) packets reset the client's connections (to avoid its connection to destined server)? Assume that in the (RST, SYN) packet, the ACK sequence number correctly acknowledges the client's SYN, but TCP ACK flag is not set(or, if set, does it affects?).

2) At TCP connection establishment, will (RST, ACK) flooding occur to avoid any connection request to the target server? Assume (RST,ACK) packets' source IP have been spoofed to be target server IP.

Last edited by syseeker; 01-13-2005 at 08:20 AM.
 
Old 01-14-2005, 05:20 PM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232Reputation: 232Reputation: 232
If I remember correctly, there was a modification after the problem was mentioned (sometime last year). Don't remember the details, unfortunately.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Increasing TCP initial window to 3 segments (rfc 2414 or 3390) nenderle Linux - Networking 1 06-08-2009 05:16 AM
TCP packet flags (SYN, FIN, ACK, etc) and firewall rules TheLinuxDuck Linux - Security 12 04-29-2005 12:30 AM
programming in c, problem TCP -> SYN,... bebe531 Programming 1 05-25-2004 03:58 PM
RH 7.3 Server infected with Linux.Jac.8759 and Linux.RST.B virus osso09 Linux - Security 10 11-18-2003 12:37 AM
Blocking TCP | SYN scans robeb Linux - Security 3 05-19-2002 09:41 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:49 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration