Questions tagged [tcp]

Transmission Control Protocol (TCP) is a transport layer protocol that provides a connection-oriented data stream service with guaranteed, in-order delivery on top of the underlying packet-oriented, unreliable IP layer. TCP is referred to as a connection-oriented protocol. This is opposed to UDP, which offers a relatively bare-bones, unreliable, all-or-nothing delivery of discrete packets and is referred to as a connectionless protocol.

There is more information at the Wikipedia article on TCP.

305 questions
8 votes, 1 answer

Strange responses from an unfamiliar HTTP server

I noticed an unfamiliar device when scanning my local wireless network. It had two open (listening?) TCP ports; TCP/80 (http?) & TCP/443 (https?). In an effort to identify the unfamiliar device; I exercised some basic banner-grabbing techniques,…
voices
7 votes, 2 answers

Why do ISPs allow faked source IP addresses?

Ok so apparently you can specify a source IP when doing a SYN request or something. Besides just asking why in the world that would even be allowed, I will move past that because I want to understand how these things work, like SYN floods. When a…
terikan
7 votes, 3 answers

Can you sniff traffic to ip address from outside of your network?

I am not sure what it is called or even if it is possible but here is the scenario I am curious about: I login to a site that does not use SSL/TLS to do some work (unfortunately I must use this site and have already told the owners to fix it). My…
user68784
7 votes, 3 answers

How could a SYN flood affect a home router

I was curious how a DoS attack would affect a home router. In particular, I'm interested in how a SYN flood would affect a home router. The reason I'm interested is due to a Cisco document I read. Within the document, it said SYN flood attacks can…
Spencer D
7 votes, 1 answer

Are there any situations when one can only mount a passive MITM?

This came up while discussing "Web & insecure HTTP - Using RSA for encrypting passwords on the client side". Is there any such situation possible when requesting an HTTP page where an attacker is able to read all the communications but is not able to…
Manishearth
7 votes, 1 answer

Why is the server returning 3 SYN + ACK packets during a SYN scan?

When you do a SYN scan against an opened TCP port (not filtered by a firewall), the server normally returns 3 SYN + ACK packets. So, why 3 of them? The target server is a Linux machine, if relevant to this question, and the scanner in use is NMAP.
daisy
7 votes, 3 answers

Stopping DDOS TCP SYN and UDP flood attacks

I would like to know if it's possible to stop TCP SYN or ICMP flood attacks if these attacks are detected in time. What is the most accurate process to filter these addresses if the only way is to block the IP addresses of the botnet?
maya-bf
7 votes, 4 answers

implications of incomplete TCP handshake session

In network security, why do we care about knowing incomplete TCP handshake sessions? Is there a security implication behind this?
6 votes, 3 answers

FIN Attack - What is this type of attack really?

I just wanted to know what exactly a FIN attack is. I know about the FIN flag that is used to indicate the closing of a connection via TCP. But what exactly is a FIN attack?
Everone Graham
6 votes, 1 answer

Security implications for two applications communicating with TCP/IP on localhost

Considering this for the local loopback connection: - It is implemented entirely within the operating system's networking software and passes no packets to any network interface controller. If two applications on the same machine communicate with…
6 votes, 2 answers

If two programs on the same machine communicate through TCP, can it be seen from the outside?

Assume there are two programs running on the same computer at the same time. The computer is connected to a LAN. The two programs communicate via a TCP socket, and the socket is opened using the IP address of the computer on the network, for example…
vsz
5 votes, 1 answer

Do concurrent connections to an HTTPS website perform separate SSL handshakes?

I know that most browsers nowadays support around 6 concurrent TCP sessions per hostname, to perform multiple requests at the same time. For sites which utilise SSL, is there a separate handshake performed for each TCP session, or is a single SSL…
fruglemonkey
5 votes, 1 answer

How are ACK storms created and what's a good mitigation strategy for them?

The context is network based load balancers. It would be nice if someone could explain how TCP ACK storms are generated in real life and practical mitigation strategies for them. Edit: Clarification on "mitigation strategies". The platform consists…
DeepSpace101
5 votes, 1 answer

Retrieving client certificate using Tcpdump results in zero length certificate

I am trying to proxy a mobile app (with Fiddler), which sends a client certificate to the server it connects to. I would think that capturing traffic with Tcpdump, retrieving the client certificate and using it with fiddler would be enough to bypass…
Spyros
5 votes, 2 answers

Is SYN DDoS the only type of TCP DDoS?

I have been reading up on different types of DDoS attacks recently and came upon DDoS distribution by type in 2017, by Kaspersky Labs. They list 5 different DDoS types: SYN, TCP, UDP, HTTP, ICMP In all other resources that I have come across so far,…
afaf12