TCP half-open

The term half-open refers to TCP connections whose state is out of synchronization between the two communicating hosts, possibly due to a crash of one side. A connection which is in the process of being established is also known as embryonic connection. The lack of synchronization could be due to malicious intent.

RFC 793

According to RFC 793, a TCP connection is referred to as half-open when the host at one end of that TCP connection has crashed, or has otherwise removed the socket without notifying the other end. If the remaining end is idle, the connection may remain in the half-open state for unbounded periods of time.

Embryonic connection

Nowadays, however, the term half-open connection is most often used to describe an embryonic connection, i.e. a TCP connection which is in the process of being established.

TCP has a three state system for opening a connection. First, the originating endpoint (A) sends a SYN packet to the destination (B). A is now in an embryonic state (specifically, SYN_SENT), and awaiting a response. B now updates its kernel information to indicate the incoming connection from A, and sends out a request to open a channel back (the SYN/ACK packet).

At this point, B is also in an embryonic state (specifically, SYN_RCVD). Note that B was put into this state by another machine, outside of B's control.

Under normal circumstances (see denial-of-service attack for deliberate failure cases), A will receive the SYN/ACK from B, update its tables (which now have enough information for A to both send and receive), and send a final ACK back to B.

Once B receives this final ACK, it also has sufficient information for two-way communication, and the connection is fully open. Both endpoints are now in an established state.

gollark: Except you're *also* harming people by actively exploiting stuff, even if you look good.
gollark: Yes, you have complained about how people might not take vulnerability reports seriously, but that is not an excuse to just not make any.
gollark: But deliberately hoarding vulnerabilities is an active threat to the security of everything.
gollark: I mean, not releasing your software is... your choice, it's your stuff, I might not really like it but I don't consider it particularly bees.
gollark: !quote 723983650043199568

See also


This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.