Go Back  DVD Talk Forum > General Discussions > Tech Talk
Reload this Page >

What are TCP flags, and how are they used for an "attack"?

Tech Talk Discuss PC Hardware, Software, Internet and Other Technology

What are TCP flags, and how are they used for an "attack"?

Old 01-13-04, 02:15 PM
  #1  
DVD Talk Hall of Fame
Thread Starter
 
Join Date: Jan 2002
Location: Exit 151
Posts: 9,048
Likes: 0
Received 0 Likes on 0 Posts
What are TCP flags, and how are they used for an "attack"?

Today my Norton sent me an alert which indicated that it had prevented a "TCP Flags Attack" on my computer.

I did a search for TCP flags and found it rather confusing.
Apparently a certain combination of these TCP flags can result in a compromise.
What are TCP Packets? Also, an ACL or access list was mentioned.

If the "attack" was successful, what would have been the result?
Is it similar to a trojan?

I'm running XP Pro, BTW, and was connected via a dial-up at the time if that makes any difference.
Old 01-13-04, 06:36 PM
  #2  
DVD Talk Ultimate Edition
 
Join Date: Jan 2001
Location: Seattle
Posts: 4,454
Likes: 0
Received 0 Likes on 0 Posts
TCP Flags are used to establish your connection. They are basically the handshake tags between you and whatever you are connecting too.

Some flags are SYN, ACK, FIN, RST, etc... You will see constant SYN and ACK flags if you looked at a TCP trace. SYN is basically the request for connection and ACK is the acknowledgement which goes to your packet question.

Most all types of communication (fibre channel, TCP/IP, ICMP, etc..) is done in the form of packets. When your computer sends a communication, it breaks up the comminication into small packets and the receiving end re-assebles these packets into your request. A packet will contain many things such as a TCP flag, your ACL, a data descriptor, a small portion of the data...plus some other stuff.

Sending data in packets allows for many things but mostly for bad networks. Because there is a descriptor in every packet, if there is a bad network connection and a packet gets dropped, the receiving end can request that packet be sent again.

An ACL contains the permissions to files and directories.

The only way I could see TCP flags as being an attack is someone could send a bunch of SYN FIN all at once which would terminate a connection or send an RST ACK which will end a connection immediately.

Last edited by palebluedot; 01-13-04 at 06:39 PM.
Old 01-13-04, 08:36 PM
  #3  
DVD Talk Hall of Fame
Thread Starter
 
Join Date: Jan 2002
Location: Exit 151
Posts: 9,048
Likes: 0
Received 0 Likes on 0 Posts
Thanks for your reply and info.

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread

Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service - Do Not Sell My Personal Information

Copyright 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.