Inappropriate TCP Resets Considered Harmful (RFC3360)

IP.com Disclosure Number: IPCOM000009262D
Original Publication Date: 2002-Aug-01
Included in the Prior Art Database: 2002-Aug-14
Document File: 20 page(s) / 47K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

S. Floyd: AUTHOR

Abstract

This document is being written because there are a number of firewalls in the Internet that inappropriately reset a TCP connection upon receiving certain TCP SYN packets, in particular, packets with flags set in the Reserved field of the TCP header. In this document we argue that this practice is not conformant with TCP standards, and is an inappropriate overloading of the semantics of the TCP reset. We also consider the longer-term consequences of this and similar actions as obstacles to the evolution of the Internet infrastructure.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 6% of the total text.

Network Working Group                                           S. Floyd
Request for Comments: 3360                                          ICIR
BCP: 60                                                      August 2002
Category: Best Current Practice

              Inappropriate TCP Resets Considered Harmful

Status of this Memo

   This document specifies an Internet Best Current Practices for the
   Internet Community, and requests discussion and suggestions for
   improvements.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

1.  Introduction

   TCP uses the RST (Reset) bit in the TCP header to reset a TCP
   connection.  Resets are appropriately sent in response to a
   connection request to a nonexistent connection, for example.  The TCP
   receiver of the reset aborts the TCP connection, and notifies the
   application [RFC793, RFC1122, Ste94].

   Unfortunately, a number of firewalls and load-balancers in the
   current Internet send a reset in response to a TCP SYN packet that
   uses flags from the Reserved field in the TCP header.  Section 3 below
   discusses the specific example of firewalls that send resets in
   response to TCP SYN packets from ECN-capable hosts.

   This document is being written to inform administrators of web
   servers and firewalls of this problem, in an effort to encourage the
   deployment of bug-fixes [FIXES].  A second purpose of this document
   is to consider the longer-term consequences of such middlebox
   behavior on the more general evolution of protocols in the Internet.

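Added example (not part of RFC 3360): a Python check that an administrator could run over captured TCP headers to spot the behavior the Introduction describes, a reset sent in answer to a SYN that sets bits in the RFC 793 Reserved field. The ECE/CWR bit positions come from RFC 3168; the function names, ports and sequence numbers are constructed for illustration.

```python
import struct

# Control bits from RFC 793, plus ECE/CWR, which RFC 3168 (ECN) allocated
# from the low two bits of the RFC 793 Reserved field.
SYN, RST, ACK = 0x02, 0x04, 0x10
ECE, CWR = 0x40, 0x80

def build(sport, dport, seq, ack, bits):
    """Constructed sample data: a 20-byte TCP header, data offset 5, no options."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | bits, 8192, 0, 0)

def parse(header):
    """Decode the fields needed here from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    sport, dport, seq, ack, word = struct.unpack("!HHIIH", header[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": word & 0x3F,             # URG ACK PSH RST SYN FIN
            "reserved": (word >> 6) & 0x3F}   # six Reserved bits of RFC 793

def reply_kind(syn, reply):
    """Classify a reply to an initial SYN as 'synack', 'reset' or 'unrelated'."""
    s, r = parse(syn), parse(reply)
    initial_syn = (s["flags"] & (SYN | ACK | RST)) == SYN
    reversed_ports = (r["sport"], r["dport"]) == (s["dport"], s["sport"])
    # A SYN occupies one sequence number, so a reply to it acknowledges seq + 1.
    acks_syn = bool(r["flags"] & ACK) and r["ack"] == (s["seq"] + 1) % 2**32
    if not (initial_syn and reversed_ports and acks_syn):
        return "unrelated"
    if r["flags"] & RST:
        return "reset"
    return "synack" if r["flags"] & SYN else "unrelated"

def diagnose(exchanges):
    """exchanges: (syn, reply) header pairs sent to one server port."""
    seen = {(bool(parse(s)["reserved"]), reply_kind(s, r)) for s, r in exchanges}
    if (False, "synack") in seen and (True, "reset") in seen:
        return "reset-triggered-by-reserved-bits"
    if (True, "reset") in seen:
        return "reset-of-reserved-bit-syn-cause-unknown"
    return "no-reserved-bit-reset"

# Constructed captures: a plain SYN that is accepted, and an ECN-setup SYN
# (SYN with ECE and CWR set) to the same port that is answered with RST/ACK.
PLAIN = (build(40000, 80, 1000, 0, SYN), build(80, 40000, 5000, 1001, SYN | ACK))
ECN = (build(40001, 80, 2000, 0, SYN | ECE | CWR), build(80, 40001, 0, 2001, RST | ACK))
```

A reset on its own is also the correct answer for a port with no listener, so only the pairing with an accepted plain SYN to the same port attributes the reset to the Reserved-field bits.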

2.  The history of TCP resets.

   This section gives a brief history of the use of the TCP reset in the
   TCP standards, and argues that sending a reset in response to a SYN
   packet that uses bits from the Reserved field of the TCP header is
   non-compliant behavior.

   RFC 793 contained the original specification of TCP in September,
   1981 [RFC793].  This document defined the RST bit in the TCP header,
   and expl...