What happens to tcp packets when they are unable to finish the 3 way handshake?

Question

Firewall for a virtual dedicated server.
I was looking into how to prevent a FIN scan and it got me thinking about the consequences.
A lot of people are using this rule:

-p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j DROP

So when someone sends me a packet with a FIN = 1 , I'm unable to send FIN/ACK back.
It seems unlikely but does that mean my established connection won't be stopped ?
How does that work ? Does my connection stay alive and if so, for how long ?

How does that actually work when someone closes his / her browser ? It sends a FIN to my server, my server replies with FIN/ACK ... but the browser is unable to receive that, right ? Who gets the packet, where does it go ?

And what if ... a remote machine sends my server a SYN, my reply is SYN/ACK and let's say that I'm not getting the ACK back, how long is my server waiting for it ?

Is there a name for unfinished 3 way handshakes ? Thank you.

score 9 · Accepted Answer · edited May 23 '17 at 12:41

9

Is there a name for unfinished 3 way handshakes

This is called a half-open connection.

So when someone sends me a packet with a FIN = 1 , I'm unable to send FIN/ACK back. It seems unlikely but does that mean my established connection won't be stopped? How does that work ? Does my connection stay alive and if so, for how long?

It will eventually timeout. See also the TIME_WAIT state.

edited May 23 '17 at 12:41

Community

1

answered Apr 01 '12 at 23:54

Jeff Ferland

20,239
2
61
85

Having had the exact problem described, you diagnose this problem by seeing w-a-y more TCP_WAIT listings in `netstat` then there should be. – sysadmin1138 Apr 02 '12 at 02:33
component in a denial of service, anyone? :-) – Bart Silverstrim Apr 02 '12 at 11:10

What happens to tcp packets when they are unable to finish the 3 way handshake?

1 Answers1