rtcs question. using MCF52259 MQX 3.8. How can I prevent a SYN/ACK attack


drummer
Contributor IV

I am using tcp/ip stream sockets for connection to host computer. I only want the first computer that connects to me to be the computer that I connect to.

When the software on the host side decides to download files to me it breaks the polling connection and I accept a new connection and shutdown the previous connection.

Sometimes customers mistakenly assign the same IP address to two computers. In this case the other computer sends SYN/ACK, breaking my connection with the first computer. I need a method that will allow me to re-establish my connection with the first computer and somehow shut up the second computer.

If I shutdown the socket that creates the problem it just continues harassing me until I crash.


Martin_
NXP Employee

As the source and destination IP is the same, I guess you can distinguish between the two computers by reading the source MAC address, and implement some kind of filtering on the Ethernet layer 2. This might work if the computers are connected via a Layer 2 switch, meaning you have the MAC addresses of the individual computers available with the incoming Ethernet packets.

However, if the computers are connected to the same router, I guess the source MAC address will always be the MAC address of the router. In this case, perhaps you can implement some logic based on the 802.1Q tag, assuming your customers won't configure the same IP and the same 802.1Q tag on two different computers, or maybe you could use the Identification field of the IPv4 packet header.

drummer
Contributor IV

Thanks Martin for sharing the pain.

I was checking the IP address of the requesting computer to see if it matched the first computer that originally connected.

If the new connection didn't have the same IP address I would ignore it and return to the accept to look for a new connection.

This was an error because a new socket is created every time you break out of the accept.

Eventually you will run out of memory.

So I added a shutdown if the IP didn't match.

This is also an error because the foreign computer wouldn't give up and continued trying to connect.

So I now accept the connection from the foreign computer and create a socket for it but my comms routine ignores it.

This satisfies the foreign computer and it stops the SYN/ACK attack.

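The policy from the last reply (first host to connect is trusted; a reconnect from that host replaces the old socket; a foreign host is accepted but never serviced so its stack stops retrying), written out as an added C illustration. This is not code from the thread or from MQX RTCS: sockets are plain ints, `server_state`, `on_accept` and `MAX_PARKED` are made-up names, and it adds one thing the thread only learned the hard way, a cap on parked sockets so a stray host cannot exhaust socket memory.

```c
#include <stdint.h>

#define MAX_PARKED 4                 /* cap on accepted-but-ignored sockets */

enum action { ACT_SERVICE, ACT_REPLACE, ACT_PARK, ACT_DROP };

struct server_state {
    uint32_t trusted_ip;             /* first host that connected; 0 = none yet */
    int      active_sock;            /* socket currently serviced, -1 if none */
    int      parked[MAX_PARKED];     /* foreign sockets kept open but never read */
    int      n_parked;
};

void server_init(struct server_state *s)
{
    s->trusted_ip = 0;
    s->active_sock = -1;
    s->n_parked = 0;
}

/* Decide what to do with a socket just returned by accept().
 * peer_ip is the connecting host's IPv4 address (host byte order).
 * *to_close receives a socket the caller must close now, or -1. */
enum action on_accept(struct server_state *s, uint32_t peer_ip,
                      int sock, int *to_close)
{
    *to_close = -1;
    if (s->trusted_ip == 0) {                 /* first connection wins */
        s->trusted_ip = peer_ip;
        s->active_sock = sock;
        return ACT_SERVICE;
    }
    if (peer_ip == s->trusted_ip) {           /* trusted host reconnects, */
        *to_close = s->active_sock;           /* e.g. to start a file download */
        s->active_sock = sock;
        return ACT_REPLACE;
    }
    /* Foreign IP: accept but never service it, so its stack stops retrying.
     * Two hosts sharing one IP are indistinguishable here; telling them apart
     * needs layer-2 data such as the source MAC, as Martin suggests above. */
    if (s->n_parked < MAX_PARKED) {
        s->parked[s->n_parked++] = sock;
        return ACT_PARK;
    }
    *to_close = sock;                         /* cap reached: close, don't leak */
    return ACT_DROP;
}
```

Once the cap is hit the foreign host will keep retrying (the behaviour the poster saw after a plain shutdown), but the device stays within a fixed socket budget instead of crashing.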