Understanding TCP Connection Basics.

During a TCP connection, their are 6 TCP flags which are set in the packets which are transported to the target computer from the source computer. These flags indicate the state of the packet.

Valid values for the flags are

SYN -- Initial Request, sent by the source.
ACK -- Acknowledgement to the initial request. Sent by the target confirming the receipt of SYN.

FIN -- Finish Request.

URG -- Urgent Request.

PSH -- Push Request.

RST -- Reset. 

The combination of these above mentioned flags sets the control connection session at various times.

The real implementation of these flags starts from the very time a source computer tries to establish a session with a target computer.

The process flow for the same goes as mentioned below

1.) Source Computer sends a SYN request.

2.) Target computer, upon the receipt of a SYN request, sends back a SYN-ACK request/response. 

3.) Source computer again sends back an ACK message to the target computer. This confirms the connection.

TCP-Connection basics

TCP-Connection basics

The above mentioned process is known as a 3-Way handshake process for TCP connections. 

Now, while at this topic, lets also take up the importance of these flags and the TCP communication basics to see if an alteration in the flag setting can lead to a Denial of Service (DoS) for the Web application. 

Lets assume a scenario where in a malicious machine is only sending SYN packets for the connections and has been configured to not send any ACK flag. 

1.) Source computer sends a SYN request to the target computer. 

2.) Target computer responds back with a SYN-ACK. 

3.) Source computer instead of sending ACK, sends back a SYN request. 

Understanding How modifying TCP flags can lead to DoS attack

Understanding How modifying TCP flags can lead to DoS attack

The above process leads to the scenario wherein the target computer always opens up a new connection upon the receipt of SYN request, allocates specific memory for the connection and keeps the memory allocated till the connection times out. This may lead to a situation wherein the target computer runs out of the memory pool and denies any further connections. This is called Denial of Service.

Also read: Understanding NULL Session Attacks

Hacking Ruby on Rails

Learn to Hack )

Serial Numbers and CD Keys of Softwares brought to you by Google.

[How-To] Bypassing Passwords in Windows

You can follow me on Twitter at http://twitter.com/vaibhav1981

Do stay tuned to Technofriends for more, one of the best ways of doing so is by subscribing to our feeds. You can subscribe to Technofriends feed by clicking here.

Cheers

Vaibhav Pandey

Advertisements

2 Responses

  1. Nice blog, I love to see this kind of content, keep up the good work.

  2. […] Also read: Understanding TCP Connection Basics. […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: