*** Welcome to piglix ***

TCP reset attack


reset attack, also known as "forged TCP resets", "spoofed TCP reset packets" or "TCP reset attacks". These terms refer to a method of tampering with Internet communications. Sometimes, the tampering is malicious; other times, it is beneficial.

The Internet is, in essence, a system for individual computers to exchange electronic messages, or packets of IP data. This system includes hardware to carry the messages (such as copper and fiber optics cables) and a formalized system for formatting the messages, called "protocols". The basic protocol used on the Internet is the , which is usually coupled with additional protocols such as TCP () or UDP (). TCP/IP is the protocol set used for email and web browsing. Each protocol has a block of information, called a header, included near the front of each packet. Headers contain information about which computer sent the packet, which computer should receive it, the packet size, etc.

TCP is used with IP when a two-way virtual connection is required between two computers. (UDP on the other hand is a connectionless IP protocol.) TCP software on the two machines which will communicate (for example a workstation with a browser and a web server) by exchanging a stream of packets. Using a TCP connection gives the computers an easy way to exchange data items too big for a single packet, such as video clips, email attachments, or music files. Although some web pages are small enough for a single packet, they are sent over TCP connections for convenience.

In a stream of packets of a TCP connection, each packet contains a TCP header. Each of these headers contains a bit known as the "reset" (RST) flag. In most packets this bit is set to 0 and has no effect; however, if this bit is set to 1, it indicates to the receiving computer that the computer should immediately stop using the TCP connection; it should not send any more packets using the connection's identifying numbers, called ports, and discard any further packets it receives with headers indicating they belong to that connection. A TCP reset basically kills a TCP connection instantly.

When used as designed, this can be a useful tool. One common application is the scenario where a computer (computer A) crashes while a TCP connection is in progress. The computer on the other end (computer B) will continue to send TCP packets since it does not know that computer A has crashed. When computer A reboots, it will then receive packets from the old pre-crash connection. Computer A has no context for these packets and no way of knowing what to do with them, so it might send a TCP reset to computer B. This reset lets computer B know that the connection is no longer working. The user on computer B can now try another connection or take other action.


...
Wikipedia

...