Firewalls: Re: TCP Header Flags

Firewalls
(August 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: TCP Header Flags
From:	Darren Reed <avalon @ coombs . anu . edu . au>
Date:	Sat, 12 Aug 1995 16:34:40 +1000 (EST)
To:	njs @ scifi . maid . com (Nick Simicich)
Cc:	carsten @ group . com, firewalls @ GreatCircle . COM
In-reply-to:	<Pine . 3 . 89 . 9508111706 . G9157-0100000 @ scifi . maid . com> from "Nick Simicich" at Aug 11, 95 06:04:41 pm

In some mail from Nick Simicich, sie said:
> 
> On Fri, 11 Aug 1995, Carsten Schafer wrote:
> 
> > I have recently been getting lots of packets with the SYN bit set
> > and a combination of PUSH, URG and RST.  Our packet filter seems
> > to throw away anything with a SYN bit set.  I guess I'm wondering
> > which packets are considered connection requests by TCP when the packet
> > contains a SYN bit.  Are packets containing the SYN flag and no others
> > considered connection requests?  Most of the packets with the other flags
> > set seem to be in response to HTTP requests.
> 
> The initial request for a TCP connection has the SYN bit set, but not the 
> ACK bit.  Every other TCP packet in a connection has the ACK bit set, 
> including the response to the initial SYN, which also has the SYN bit 
> set.  

Wrong.

FIN can be set alone - or at least that is what all the FSM diagrams
describing it seem to suggest, only that more often than not, the FIN
is sent with an ACK for data.

darren

References:

Re: TCP Header Flags
From: Nick Simicich <njs @ scifi . maid . com>

Indexed By Date	Previous:	Re: Solaris VR4-Basic Security Module From: Darren Reed <avalon @ coombs . anu . edu . au>
Indexed By Date	Next:	Re: Encrypted data across national boundaries??? From: martadue @ vol . it (Marco Tarquini)
Indexed By Thread	Previous:	Re: TCP Header Flags From: Nick Simicich <njs @ scifi . maid . com>
Indexed By Thread	Next:	To OS or 0 2 OS From: padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)