
Firewall for a virtual dedicated server.
I was looking into how to prevent a FIN scan and it got me thinking about the consequences.
A lot of people are using this rule:

# Drop TCP segments in which FIN is the only flag set among FIN,SYN,RST,PSH,ACK,URG
iptables -A INPUT -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j DROP

So when someone sends me a packet with FIN = 1, I'm unable to send FIN/ACK back.
It seems unlikely, but does that mean my established connection won't be stopped?
How does that work? Does my connection stay alive and, if so, for how long?

How does that actually work when someone closes his or her browser? It sends a FIN to my server, my server replies with FIN/ACK ... but the browser is unable to receive that, right? Who gets the packet, where does it go?

And what if ... a remote machine sends my server a SYN, my reply is SYN/ACK and let's say that I'm not getting the ACK back, how long is my server waiting for it ?

Is there a name for unfinished 3-way handshakes? Thank you.

Kris

1 Answer


Is there a name for unfinished 3-way handshakes?

This is called a half-open connection.

So when someone sends me a packet with FIN = 1, I'm unable to send FIN/ACK back. It seems unlikely, but does that mean my established connection won't be stopped? How does that work? Does my connection stay alive and, if so, for how long?

It will eventually time out. See also the TIME_WAIT state.

Jeff Ferland
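To see what the rule quoted in the question actually matches, here is an added Python example (not part of the question or the answer) that reproduces the iptables `--tcp-flags MASK COMP` test over constructed TCP headers: only a segment whose sole set flag is FIN is dropped, while a FIN/ACK, the form a peer's close takes on an established connection, passes. The header builder and sample segments are constructed for illustration, not captured traffic.

```python
import struct

# TCP flag bits in header byte 13 (RFC 793 layout, low six bits).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
         "ACK": 0x10, "URG": 0x20}


def parse_tcp_flags(segment: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("TCP header too short")
    return segment[13] & 0x3F


def tcp_flags_match(flags: int, mask: str, comp: str) -> bool:
    """iptables --tcp-flags MASK COMP: of the flags named in MASK,
    exactly those named in COMP must be set and the rest clear."""
    m = sum(FLAGS[f] for f in mask.split(","))
    c = sum(FLAGS[f] for f in comp.split(","))
    return (flags & m) == c


def build_tcp_header(sport: int, dport: int, flag_names) -> bytes:
    """Constructed minimal 20-byte TCP header (data offset 5, no options)."""
    flags = sum(FLAGS[f] for f in flag_names)
    offset_flags = (5 << 12) | flags
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, offset_flags, 65535, 0, 0)


RULE_MASK = "FIN,SYN,RST,PSH,ACK,URG"
RULE_COMP = "FIN"


def verdict(segment: bytes) -> str:
    """Apply the question's rule: --tcp-flags RULE_MASK FIN -j DROP."""
    hit = tcp_flags_match(parse_tcp_flags(segment), RULE_MASK, RULE_COMP)
    return "DROP" if hit else "ACCEPT"


# Constructed sample segments towards a web server on port 80.
SAMPLES = {
    "fin_scan_probe": build_tcp_header(40000, 80, ["FIN"]),         # FIN alone
    "normal_close":   build_tcp_header(40000, 80, ["FIN", "ACK"]),  # peer closing
    "handshake_syn":  build_tcp_header(40000, 80, ["SYN"]),
    "data_segment":   build_tcp_header(40000, 80, ["PSH", "ACK"]),
}


def classify_samples() -> dict:
    return {name: verdict(seg) for name, seg in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in classify_samples().items():
        print(f"{name:15} -> {result}")
```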