red0ct

Asked: 2021-06-18 11:03:46 +0800 CST2021-06-18 11:03:46 +0800 CST 2021-06-18 11:03:46 +0800 CST

Does TCP RST packet along with other flags set valid?

When I researched some methods of DDoS protection I faced with some firewall rule which limit packets with RST bit set to 60 per second. Indeed it makes some sense. But it also doesn't check the other flags.
For me it seems that packets with RST flag set and also some other flags set are invalid, so we can drop/reject it.

The questions is: can in practice we see valid TCP RST packets along with other TCP flags (bits) set?

Here is the Linux Iptables rule I'm talking about:

iptables -A INPUT -p tcp --tcp-flags RST RST -m limit --limit 2/s --limit-burst 2 -j ACCEPT

I think it should be something like:

iptables -A INPUT -p tcp --tcp-flags ALL RST -m limit --limit 2/s --limit-burst 2 -j ACCEPT

Source: IPtables DDoS Protection for VPS

Does TCP RST packet along with other flags set valid?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Does TCP RST packet along with other flags set valid?

0 Answers