Understanding TCP Connection Basics.

During a TCP connection, there are 6 TCP flags that can be set in the packets sent from the source computer to the target computer. These flags indicate the state of the packet.

Valid values for the flags are:

SYN -- Initial Request, sent by the source.

ACK -- Acknowledgement to the initial request. Sent by the target confirming the receipt of SYN.

FIN -- Finish Request.

URG -- Urgent Request.

PSH -- Push Request.

RST -- Reset. 

Combinations of the flags mentioned above control the connection session at its various stages.

These flags come into play from the moment a source computer tries to establish a session with a target computer.

The process flow is as follows:

1.) Source Computer sends a SYN request.

2.) Target computer, upon the receipt of a SYN request, sends back a SYN-ACK request/response. 

3.) Source computer again sends back an ACK message to the target computer. This confirms the connection.

TCP-Connection basics

The process described above is known as the 3-way handshake for TCP connections.

Now, while on this topic, let's also look at the importance of these flags and of TCP communication basics, to see whether altering the flag settings can lead to a Denial of Service (DoS) for the web application.

Let's assume a scenario wherein a malicious machine sends only SYN packets for its connections and has been configured to not send any ACK flag.

1.) Source computer sends a SYN request to the target computer. 

2.) Target computer responds back with a SYN-ACK. 

3.) Source computer, instead of sending ACK, sends back a SYN request.

Understanding How modifying TCP flags can lead to DoS attack

In this scenario the target computer opens a new connection upon receipt of each SYN request, allocates memory for that connection, and keeps the memory allocated until the connection times out. This may lead to a situation wherein the target computer runs out of its memory pool and denies any further connections. This is called Denial of Service.
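From the target's side, this pattern shows up as many handshakes that reached SYN-ACK but never received the final ACK. The Python below is an added example, not part of the original post: it decodes the flags byte and replays a capture to count half-open connections per client. The function names, the threshold and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
from collections import Counter

# Bit values of the six flags in the TCP header's flags byte (RFC 793).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def decode_flags(byte):
    """Return the names of the flags set in a TCP flags byte."""
    return {name for name, bit in FLAGS.items() if byte & bit}

def half_open_by_source(packets, server):
    """Replay (src, sport, dst, dport, flags_byte) records and count, per
    client address, handshakes that never received the final ACK."""
    pending = {}  # (client_ip, client_port, server_port) -> last handshake step seen
    for src, sport, dst, dport, byte in packets:
        flags = decode_flags(byte)
        if dst == server:
            key = (src, sport, dport)
            if flags == {"SYN"}:
                pending[key] = "SYN"          # step 1: target starts tracking state
            elif "RST" in flags or ("ACK" in flags and pending.get(key) == "SYN-ACK"):
                pending.pop(key, None)        # step 3 (or abort): no longer half-open
        elif src == server:
            key = (dst, dport, sport)
            if flags == {"SYN", "ACK"} and key in pending:
                pending[key] = "SYN-ACK"      # step 2: target now waits for the ACK
            elif "RST" in flags:
                pending.pop(key, None)
    return dict(Counter(ip for ip, _, _ in pending))

def suspects(packets, server, threshold=3):
    """Clients holding at least `threshold` half-open connections."""
    counts = half_open_by_source(packets, server)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

# Constructed sample capture (documentation addresses, not real traffic).
SERVER = "203.0.113.5"
SYN, SYN_ACK, ACK = 0x02, 0x12, 0x10
SAMPLE = [
    ("192.0.2.10", 40000, SERVER, 80, SYN),   # normal client: full 3-way handshake
    (SERVER, 80, "192.0.2.10", 40000, SYN_ACK),
    ("192.0.2.10", 40000, SERVER, 80, ACK),
]
for port in range(50000, 50005):              # client that never sends the ACK
    SAMPLE.append(("198.51.100.7", port, SERVER, 80, SYN))
    SAMPLE.append((SERVER, 80, "198.51.100.7", port, SYN_ACK))

if __name__ == "__main__":
    print(half_open_by_source(SAMPLE, SERVER))
    print(suspects(SAMPLE, SERVER))
```

The client that completes the handshake drops out of the pending table, while the one that only sends SYNs accumulates one entry per connection attempt, which is the memory the target keeps allocated until timeout.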

You might also be interested in downloading TCP/IP Fundamentals for Microsoft Windows (PDF Digital Format) 


You can follow me on Twitter at http://twitter.com/vaibhav1981


Cheers

Vaibhav Pandey


3 Responses to “Understanding TCP Connection Basics.”

  1. Nice blog, I love to see this kind of content, keep up the good work.
