This article is participating in the "Network Protocols Must-Know" essay campaign.

First, a brief introduction to TCP is required.

Let’s start by looking at the structure of TCP.

The sequence number is the amount of data successfully sent by the client, and the acknowledgment number is the amount of data successfully received by the server. The SYN flag and the FIN flag each also occupy one sequence number.

Status bits (flags) are used to maintain the state of the connection, and packets carrying them are sent to change that state. For example, SYN initiates a connection, ACK acknowledges, RST resets the connection, and FIN ends the connection.

Window size: TCP performs flow control through the sliding window protocol. To avoid sending more data than the recipient can process, TCP sends an appropriate amount of data based on the size of the sliding window. The amount of data that can be sent equals the size of the sliding window minus the difference between the data sent and the data received.

Normally, a connection is opened with the three-way handshake and closed with the four-way wave. The four-way wave sends the FIN flag. The FIN packet is not sent immediately: it is placed in the buffer and sent once the buffered content has been sent.

However, if the RST flag among the status bits is set to 1, the connection is being closed abnormally: the sender sends the RST packet directly and discards the data in its buffer. A receiver that gets such a packet does not wait for the packets in its buffer to be sent out either, and the `Connection reset by peer` error is triggered directly.

RST packets are commonly sent in the following situations:

  • A SYN that tries to establish a connection reaches a port on which no service is listening, and an RST is returned

  • TCP wants to cancel an existing connection

  • TCP receives a packet for a connection that does not exist

There are two common forms of RST attack:

  • A spoofed client sends SYN packets repeatedly, and the server, concluding that the client has a problem, returns an RST packet

  • A spoofed client sends the RST packet directly, and the server closes the connection when it receives it

One of the main points of an RST attack is finding the correct sequence number mentioned above, which can usually be done by brute force because the sequence number range is limited.
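
The receiver-side check that this point depends on, as an added example that is not part of the original article: RFC 793 accepts any RST whose sequence number falls inside the receive window, while RFC 5961 resets only on an exact match with the next expected sequence number and answers other in-window RSTs with a challenge ACK. Function names and sample values are constructed for illustration.

```python
# Added example: how a TCP receiver decides whether to honour an RST.
# All names and sample values are constructed for illustration.
SEQ_SPACE = 1 << 32  # sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq is acceptable for receive window [rcv_nxt, rcv_nxt + rcv_wnd)."""
    if rcv_wnd == 0:
        # With a zero window only the next expected sequence number is acceptable.
        return seq == rcv_nxt
    # Modular subtraction handles wrap-around past 2**32 - 1.
    return (seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def classic_rst_action(seq, rcv_nxt, rcv_wnd):
    """RFC 793 behaviour: any in-window RST closes the connection."""
    return "reset" if in_window(seq, rcv_nxt, rcv_wnd) else "drop"


def rfc5961_rst_action(seq, rcv_nxt, rcv_wnd):
    """RFC 5961 behaviour: only an exact match on rcv_nxt closes the connection."""
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"           # out of window: silently discarded
    if seq == rcv_nxt:
        return "reset"          # exact match: genuine reset
    return "challenge_ack"      # in window but inexact: connection stays up


def accepted_values(rcv_wnd, strict):
    """Number of the 2**32 sequence values for which an RST closes the connection."""
    return 1 if strict else max(rcv_wnd, 1)


if __name__ == "__main__":
    rcv_nxt, rcv_wnd = 0xFFFFFF00, 65535   # constructed receiver state near wrap-around
    for seq in (0xFFFFFF00, 0x00000010, 0x80000000):
        print(hex(seq), classic_rst_action(seq, rcv_nxt, rcv_wnd),
              rfc5961_rst_action(seq, rcv_nxt, rcv_wnd))
    for strict in (False, True):
        share = accepted_values(rcv_wnd, strict) / SEQ_SPACE
        print("strict" if strict else "classic", f"accepting share = {share:.2e}")
```

The larger the receive window, the larger the share of sequence values a classic receiver honours, which is why the exact-match rule plus challenge ACK is the standard mitigation.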