2

I was just trying out the code snippet here for fun and learning. I did a Wireshark capture on the interface and noticed something strange.

The SYN packets were sent out as expected, and I seem to be receiving SYN ACKs in response. I sleep for about 5 seconds after sending each SYN packet. I notice that my machine sends a RST packet to the server after receiving each SYN ACK, even though there is no code for that. Why does that happen, and how could I prevent it from happening?

  • 1
    I'd assume your kernel handles the SYN/ACK replies. Since there never was a respective SYN packet sent and the reply is unwanted, the kernel sends back a RST reply. This is one of the reasons to spoof the IP address performing a SYN flood - if you don't, you degrade your link as well. – Michael Foukarakis Feb 12 '14 at 13:24

1 Answer

0

I faced the same problem. On searching a bit, many suggested adding a filter in the firewall, thereby not allowing the kernel to send the RST packet. So I looked into the Unix command iptables, where on the OUTPUT chain you can apply a filter that says: if a packet is going to a specific destination with the TCP protocol and the RST flag set, drop it. The command is:

sudo iptables -A OUTPUT -p tcp -d <dst-ip> --tcp-flags SYN,RST RST -j DROP
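
As an added example (not part of the original question or answer), the Python sketch below classifies handshakes in a capture the way a defender reading the trace from the question would: SYN, SYN/ACK, RST is what appears when the sender's kernel owns no socket for the port, and repeated SYN/ACKs with no reply is what the server side shows once the RST is filtered. The packet tuples, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample capture (not from the original post):
# (src, sport, dst, dport, flags); addresses are RFC 5737 documentation ranges.
PACKETS = [
    ("192.0.2.10", 40001, "198.51.100.5", 80, "S"),   # flow 1: SYN from a raw socket
    ("198.51.100.5", 80, "192.0.2.10", 40001, "SA"),
    ("192.0.2.10", 40001, "198.51.100.5", 80, "R"),   # kernel RST: no socket owns the port
    ("192.0.2.10", 40002, "198.51.100.5", 80, "S"),   # flow 2: ordinary connect()
    ("198.51.100.5", 80, "192.0.2.10", 40002, "SA"),
    ("192.0.2.10", 40002, "198.51.100.5", 80, "A"),
    ("192.0.2.10", 40003, "198.51.100.5", 80, "S"),   # flow 3: RST dropped on OUTPUT
    ("198.51.100.5", 80, "192.0.2.10", 40003, "SA"),
    ("198.51.100.5", 80, "192.0.2.10", 40003, "SA"),  # server retransmits its SYN/ACK
]


def classify_handshakes(packets):
    """Return {(client, cport, server, sport): outcome} for every flow opened by a SYN."""
    state = {}
    for src, sport, dst, dport, flags in packets:
        f = set(flags)
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if f == {"S"}:
            state.setdefault(fwd, "no_response")
        elif f == {"S", "A"} and rev in state:
            if state[rev] == "no_response":
                state[rev] = "half_open"          # server answered, client has not yet
        elif fwd in state and state[fwd] == "half_open":
            if "R" in f:
                state[fwd] = "reset_after_synack"  # the pattern seen in the question
            elif f == {"A"}:
                state[fwd] = "established"
    return state


def suspicious_clients(packets, threshold=1):
    """Per client, count flows that got a SYN/ACK but never completed the handshake."""
    counts = defaultdict(int)
    for (client, _, _, _), outcome in classify_handshakes(packets).items():
        if outcome in ("reset_after_synack", "half_open"):
            counts[client] += 1
    return {c: n for c, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for flow, outcome in classify_handshakes(PACKETS).items():
        print(flow, outcome)
    print(suspicious_clients(PACKETS))
```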