The TCP Split Handshake: Practical Effects on Modern Network Equipment

Author(s): Tod Beardsley | Jin Qian

Journal: Network Protocols and Algorithms
ISSN 1943-3581

Volume: 2
Issue: 1
Start page: 197
Date: 2010

Keywords: IDS | networking | security | simultaneous-open | split-handshake | TCP | TCP/IP

Many network engineers might presume that the TCP three-way handshake is the one, inviolate method of establishing TCP connections. A smaller percentage of engineers are also familiar with the little-used "simultaneous-open" connection method of establishing TCP connections. Researchers have discovered a third means to initiate TCP sessions, dubbed the "split-handshake" method, which blends features of both the three-way handshake and the simultaneous-open connection. Popular TCP/IP networking stacks respect this novel handshaking method, including Microsoft, Apple, and Linux stacks, with no modification. Given the novelty of the split-handshake technique, session-aware devices have had very little formal testing to determine their effectiveness in relation to sessions established in this way. The authors audit a number of intrusion detection devices, NAT gateways, port scanners, and firewalls, and unexpected behavior was observed within each class of device and application. This inconsistent behavior leads to the conclusion that such network-aware devices and applications should undergo more rigorous testing by their respective manufacturers in an effort to reliably detect malicious traffic, handle network address translation more effectively, and detect the presence of servers offering this form of session establishment.