During a TCP connection, their are 6 TCP flags which are set in the packets which are transported to the target computer from the source computer. These flags indicate the state of the packet.
Valid values for the flags are SYN -- Initial Request, sent by the source. ACK -- Acknowledgement to the initial request. Sent by the target confirming the receipt of SYN. FIN -- Finish Request. URG -- Urgent Request. PSH -- Push Request. RST -- Reset.
The combination of these above mentioned flags sets the control connection session at various times.
The real implementation of these flags starts from the very time a source computer tries to establish a session with a target computer.
The process flow for the same goes as mentioned below
1.) Source Computer sends a SYN request.
2.) Target computer, upon the receipt of a SYN request, sends back a SYN-ACK request/response.
3.) Source computer again sends back an ACK message to the target computer. This confirms the connection.
The above mentioned process is known as a 3-Way handshake process for TCP connections.
Now, while at this topic, lets also take up the importance of these flags and the TCP communication basics to see if an alteration in the flag setting can lead to a Denial of Service (DoS) for the Web application.
Lets assume a scenario where in a malicious machine is only sending SYN packets for the connections and has been configured to not send any ACK flag.
1.) Source computer sends a SYN request to the target computer.
2.) Target computer responds back with a SYN-ACK.
3.) Source computer instead of sending ACK, sends back a SYN request.
The above process leads to the scenario wherein the target computer always opens up a new connection upon the receipt of SYN request, allocates specific memory for the connection and keeps the memory allocated till the connection times out. This may lead to a situation wherein the target computer runs out of the memory pool and denies any further connections. This is called Denial of Service.
Also read: Understanding NULL Session Attacks
You can follow me on Twitter at http://twitter.com/vaibhav1981
Do stay tuned to Technofriends for more, one of the best ways of doing so is by subscribing to our feeds. You can subscribe to Technofriends feed by clicking here.