TCP half-open: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 21:22, 11 September 2008 edit Lime~enwiki (talk \| contribs) 45 edits m broken link double http ← Previous edit		Latest revision as of 14:46, 10 May 2025 edit undo Kvng (talk \| contribs) Extended confirmed users, New page reviewers 116,086 edits format endmatter
(30 intermediate revisions by 22 users not shown)
Line 1: {{unreferenced\|date=May 2017}} TCP connections are referred to as ''half-open'' when the station at one end of the TCP connection has crashed, or otherwise removed the socket without formally notifying the other end of the TCP connection.▼ ~~Due~~The toterm ~~the~~'''half-open''' ~~stateless~~refers ~~nature of the~~to [[Transmission Control Protocol,\|TCP]] itconnections whose state is ~~possible~~out of ~~that~~synchronization ifbetween the ~~end~~two communicating hosts, possibly due to a crash of ~~the~~one ~~connection~~side. onA connection which is in the ~~socket~~process of ~~still~~being ~~exists~~established is ~~not~~also ~~expecting~~known aas ~~response,~~'''embryonic ~~then~~connection'''. ~~the~~ ~~socket~~The ~~may~~lack ~~persist~~of ~~indefinitely~~synchronization incould ~~this~~be ~~state,~~due ~~known~~to as ~~half-open~~[[SYN flood\|malicious intent]]. == RFC 793 == ~~Note: A common misconception is that the term TCP half-open applies to an partially completed TCP handshake state. A better term for this state is an embryonic state.~~ ▲According to [http://www.ietf.org/rfc/rfc0793.txt RFC 793], a TCP ~~connections~~connection ~~are~~is referred to as ''half-open'' when the ~~station~~host at one end of ~~the~~that TCP connection has crashed, or has otherwise removed the socket without ~~formally~~ notifying the other end. of If the ~~TCP~~remaining end is idle, the connection may remain in the half-open state for unbounded periods of time. == Stateful Firewall Timeout == Another circumstance that can lead to half-open connections is if a [[stateful firewall]] times out a connection that is idle for too long. In this case, the firewall clears its internal state, and if either side of the connection sends a packet, the firewall will drop the packet. This will often result in a half-open connection as the two sides of the connection can end up with inconsistent connection states. == Embryonic connection == The term ''half-open connection'' can also be used to describe an '''embryonic connection''', i.e. a [[Transmission Control Protocol\|TCP]] connection that is in the process of being established. [[Transmission Control Protocol\|TCP]] has a [[Three-way handshake\|three state system]] for opening a connection. First, the originating endpoint (A) sends a [[SYN (TCP)\|SYN packet]] to the destination (B). A is now in an embryonic state (specifically, SYN_SENT), and awaiting a response. B now updates its kernel information to indicate the incoming connection from A, and sends out a request to open a channel back (the [[SYN/ACK]] packet). At this point, B is also in an embryonic state (specifically, SYN_RCVD). Note that B was put into this state by another machine, outside of B's control. Under normal circumstances (see [[denial-of-service attack]] for deliberate failure cases), A will receive the SYN/ACK from B, update its tables (which now have enough information for A to both send and receive), and send a final ACK back to B. Once B receives this final ACK, it also has sufficient information for two-way communication, and the connection is fully open. Both endpoints are now in an established state. == See also == * [[SYN flood]] * [[Transmission Control Protocol]]▼ * [[~~Embryonic~~SYN ~~connection~~cookies]] * [[Stateful firewall]] == References == {{refbegin}} Twingate. (n.d.). ''What is a TCP Half Open Scan?''. Retrieved May 2, 2025, from [https://www.twingate.com/blog/glossary/tcp-half-open-scan](https://www.twingate.com/blog/glossary/tcp-half-open-scan) Palo Alto Networks. (n.d.). ''TCP Half Closed and TCP Time Wait Timers''. Retrieved May 2, 2025, from [https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/session-settings-and-timeouts/tcp/tcp-half-closed-and-tcp-time-wait-timers](https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/session-settings-and-timeouts/tcp/tcp-half-closed-and-tcp-time-wait-timers) Sanchit Gurukul. (n.d.). ''Understanding TCP Half-Open Connections''. Retrieved May 2, 2025, from [https://sanchitgurukul.com/understanding-tcp-half-open-connections](https://sanchitgurukul.com/understanding-tcp-half-open-connections) ▲ [[Category:Transmission Control Protocol\|Half-Open]] {{refend}} == External links == * [http://www.ietf.org/rfc/rfc0793.txt ~~Transfer~~Transmission Control Protocol DARPA Internet Program Protocol Specification]