TCP acknowledgement question 4

Zmilos

Technical User
Aug 30, 2007
1
YU
Hi,

please excuse my poor English.
I need help with the frequency of acknowledgement in TCP.

Does the receiver always send one acknowledgement per received
segment or, if more segments arrive at the same time, could the
receiver send only one acknowledgement for all of them?
I'm currently using books such as TCP/IP guide,
TCP/IP Internetworking Comer etc., but I can't see this one.

Thank you for your time
and once again forgive my English
 
Sender sends a TCP-SYN packet, receiver sends SYN-ACK, sender sends TCP-ACK back to receiver, to acknowledge the SYN-ACK was received. DoS (Denial of Service) Attacks utilize this TCP technology by sending thousands of TCP-SYN packets from multiple different IP addresses (usually), and the server has to try and free up resources for each connection, and answer each SYN packet with a SYN-ACK. This can easily bring the server to its knees. One way to easily thwart this attack is TCP Intercept.
With TCP Intercept, the router that is configured with TCP Intercept will proxy-answer the SYN requests with a SYN-ACK of its own, and does not immediately pass the SYN packet to the server. If the requesting node answers the router with an ACK, then the packet is thought to be genuine, and therefore handed off to the intended server. If the sending node never answers the SYN-ACK that the router proxy-sends, then the TCP session is dropped, and the server never even sees it. The sessions can also be monitored instead of immediately dropped, so that you can log where the attack seems to be coming from.

Burt
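
Added example, not part of the original post and not vendor code: a small Python model of the proxy-answer behaviour described above, comparing a server that receives every SYN directly with one that sits behind an intercepting router. The class and function names, the backlog size of 128, the 30-second timeout and the traffic itself are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Server:
    backlog_limit: int = 128                      # assumed half-open queue size
    half_open: set = field(default_factory=set)
    established: set = field(default_factory=set)
    refused: int = 0
    def on_syn(self, src, now=None):
        if len(self.half_open) >= self.backlog_limit:
            self.refused += 1                     # queue full, this SYN is lost
            return False
        self.half_open.add(src)                   # server answers SYN-ACK and waits
        return True
    def on_ack(self, src, now=None):
        if src in self.half_open:
            self.half_open.remove(src)
            self.established.add(src)

@dataclass
class InterceptRouter:
    server: Server
    timeout: float = 30.0                         # assumed wait for the client's ACK
    pending: dict = field(default_factory=dict)   # src -> time the SYN was seen
    dropped: list = field(default_factory=list)   # sources that never answered
    def expire(self, now):
        for src, seen in list(self.pending.items()):
            if now - seen > self.timeout:
                del self.pending[src]
                self.dropped.append(src)          # logged; the server never saw it
    def on_syn(self, src, now):
        self.expire(now)
        self.pending[src] = now                   # router sends its own SYN-ACK
    def on_ack(self, src, now):
        self.expire(now)
        if self.pending.pop(src, None) is not None and self.server.on_syn(src):
            self.server.on_ack(src)               # handshake proven, now hand off

def simulate(use_intercept):
    # Constructed traffic: 200 SYNs from sources that never ACK, then one real client.
    events = [(i * 0.01, "syn", f"spoofed-{i}") for i in range(200)]
    events += [(3.0, "syn", "client"), (3.1, "ack", "client")]
    server = Server()
    router = InterceptRouter(server)
    front = router if use_intercept else server   # who receives the packets first
    for now, kind, src in events:
        getattr(front, "on_" + kind)(src, now)
    router.expire(60.0)                           # let unanswered handshakes time out
    return server, router
```

Without the router the server's half-open queue fills and the real client's SYN is refused; with it, the server only ever sees the one completed handshake and the router's `dropped` list records the sources that never answered.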
 
This is what I was commenting on...

"The receiver cannot send an ACK that refers to more than one packet."

With DoS SYN-flood attacks, this is how they work, actually, by the receiver (target) SYN-ACK'ing multiple packets from multiple spoofed IP addresses.

Burt
 