Firewall for a virtual dedicated server.
I was looking into how to prevent a FIN scan and it got me thinking about the consequences.
A lot of people are using this rule:
iptables -A INPUT -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j DROP
So when someone sends me a packet with FIN = 1, I'm unable to send FIN/ACK back.
It seems unlikely, but does that mean my established connection won't be stopped?
How does that work? Does my connection stay alive and, if so, for how long?
How does that actually work when someone closes his/her browser? It sends a FIN to my server, my server replies with FIN/ACK... but the browser is unable to receive that, right? Who gets the packet, where does it go?
And what if... a remote machine sends my server a SYN, my reply is SYN/ACK, and let's say I'm not getting the ACK back; how long is my server waiting for it?
Is there a name for unfinished 3-way handshakes? Thank you.
This is called a half-open connection.
It will eventually time out. See also the TIME_WAIT state.
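An added example, not part of the original thread, that simulates the iptables `--tcp-flags mask comp` match used in the rule quoted in the question. The match looks only at the flag bits named in the mask and fires when exactly the bits in comp are set, so the rule drops segments that carry FIN and nothing else. A normal close of an established connection carries FIN together with ACK (every segment after the handshake has ACK set), so it passes through untouched. The packet samples below are constructed for illustration; the flag bit values are the standard TCP header bits.

```python
# Added example: evaluate the iptables "--tcp-flags mask comp" match against
# constructed sample segments, to show which packets the FIN-scan rule
# "--tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j DROP" actually drops.
# Not code from the original post; sample packets are constructed.

# Standard TCP header flag bits (low byte of the flags field).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def flag_bits(names):
    """Turn an iptables flag list such as 'FIN,SYN,ACK' (or ALL/NONE) into a bitmask."""
    if names == "ALL":
        return sum(FLAGS.values())
    if names == "NONE":
        return 0
    return sum(FLAGS[n] for n in names.split(","))


def tcp_flags_match(packet_flags, mask, comp):
    """iptables --tcp-flags semantics: examine only the bits listed in mask and
    match when, among those bits, exactly the ones listed in comp are set."""
    return (packet_flags & flag_bits(mask)) == flag_bits(comp)


def apply_rule(packet_flags, mask="FIN,SYN,RST,PSH,ACK,URG", comp="FIN"):
    """Return 'DROP' when the rule from the question matches, else 'PASS'
    (no match, so the packet falls through to later rules)."""
    return "DROP" if tcp_flags_match(packet_flags, mask, comp) else "PASS"


# Constructed sample segments, keyed by what they represent on the wire.
SAMPLE_PACKETS = {
    "fin_scan_probe": flag_bits("FIN"),      # FIN with no ACK: not produced by a normal stack
    "browser_close": flag_bits("FIN,ACK"),   # active close of an established connection
    "handshake_syn": flag_bits("SYN"),       # first step of the 3-way handshake
    "handshake_synack": flag_bits("SYN,ACK"),
    "data_segment": flag_bits("PSH,ACK"),    # ordinary data on an established connection
    "null_probe": 0,                         # no flags at all: also unmatched by this rule
}


def evaluate_samples():
    """Run every sample through the rule and return {name: verdict}."""
    return {name: apply_rule(flags) for name, flags in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:18s} {verdict}")
```

Only the FIN-only probe is dropped; the browser's FIN/ACK, the handshake segments and ordinary data all pass, which is why the rule does not interfere with tearing down established connections. For the half-open (SYN_RECV) case from the question, the kernel retransmits the SYN/ACK a bounded number of times before giving up; on Linux the count is the `net.ipv4.tcp_synack_retries` sysctl, which you can read with `sysctl net.ipv4.tcp_synack_retries`.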