Introduction to DoS attack principles and common methods (3)

xiaoxiao2021-03-06  14

Let's move on to a more important part: the TCP connection handshake. The process can be divided into three steps. Before anything happens, the acceptor (here, the server) is in the LISTEN state, waiting for other machines to send connection requests.

Step 1: The client sends a request with the SYN bit set, indicating that it wants to connect to the server. Suppose the packet carries request number 10; then SYN = 10, ACK = 0, and the client waits for the server's response.

Step 2: When the server receives such a request, it checks whether it is listening on the specified port; if not, it replies with RST = 1 and refuses to establish the connection. If the request is accepted, the server sends a confirmation. Its SYN is a code internal to the server, say 100, and the ACK is the client's request number plus 1. In this example the data sent to the client is SYN = 100, ACK = 11. This tells the client that the server side of the connection is ready and waiting for the client's confirmation. After receiving the message, the client analyzes the information and prepares to send a connection confirmation to the server.

Step 3: The client sends the server a message confirming the connection. The SYN of this message is the ACK sent by the server, and the ACK is the server's SYN plus 1, that is: SYN = 11, ACK = 101. At this point the connection is established and data can be sent.

This is the basic request and connection process. Note the relationship between the flags, such as SYN and ACK.

The server's buffer queue: on receiving a SYN request, the server does not immediately establish the connection with the client. Instead it allocates space for the connection request, sets up a session, and places it in a waiting queue. If this waiting queue is full, the server allocates nothing for new connections and simply discards new requests. At that point the server is denying service.

If the server receives a message with the RST bit set, it treats this as an error and clears that connection from the buffer queue according to the client's IP. This is relevant to IP spoofing and can be used for DoS attacks.

With the introduction above, we understand the TCP protocol and the connection process. There are two basic ways to carry out a denial-of-service attack on a server:

1. Fill the server's buffer so that it accepts no new requests.
2. Use IP spoofing to force the server to reset legitimate users' connections, disrupting those connections.

These are the basic ideas behind DoS attacks. The specific implementation has a method: The flag TCP connection request. When the server receives it, it considers the connection not yet established, so it sets up sessions for these requests and puts them in the buffer queue. If the SYN requests exceed the server's limit, the buffer queue is full, and the server no longer accepts new requests. Other legitimate users' connections are rejected.
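From the defender's side, the full waiting queue described above shows up as a pile of half-open (SYN_RECV) sockets on one listening port. The following is an added example, not code from the original article: it counts those sockets per port from text in the Linux /proc/net/tcp layout. The sample rows, the backlog value and the 0.75 alert ratio are constructed assumptions.

```python
import socket
import struct
from collections import Counter

SYN_RECV = "03"  # /proc/net/tcp state code: SYN received, handshake not yet completed

# Constructed sample, trimmed to the four columns used here; not real capture data.
# State 0A is LISTEN, 01 is ESTABLISHED.
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:0050 00000000:0000 0A
   1: 00000000:01BB 00000000:0000 0A
   2: 0A00000A:0050 010200C0:C001 03
   3: 0A00000A:0050 020200C0:C002 03
   4: 0A00000A:0050 076433C6:C003 03
   5: 0A00000A:0050 086433C6:C004 03
   6: 0A00000A:01BB 010200C0:C005 03
   7: 0A00000A:0050 0A0200C0:D431 01
"""

def decode(addr):
    """Turn 'HEXIP:HEXPORT' (IPv4, as printed on a little-endian host) into (ip, port)."""
    ip_hex, port_hex = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def half_open_by_port(proc_net_tcp):
    """Map local port -> (half-open socket count, distinct remote IP count)."""
    counts, sources = Counter(), {}
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != SYN_RECV:
            continue
        _, port = decode(fields[1])
        remote_ip, _ = decode(fields[2])
        counts[port] += 1
        sources.setdefault(port, set()).add(remote_ip)
    return {port: (n, len(sources[port])) for port, n in counts.items()}

def ports_near_limit(proc_net_tcp, backlog, ratio=0.75):
    """Ports whose half-open count has reached ratio * backlog (both values are assumptions)."""
    stats = half_open_by_port(proc_net_tcp)
    return sorted(port for port, (n, _) in stats.items() if n >= backlog * ratio)

if __name__ == "__main__":
    print(half_open_by_port(SAMPLE))
    print(ports_near_limit(SAMPLE, backlog=4))
```

On a live Linux host the same functions can be fed the contents of /proc/net/tcp, with `backlog` set to the queue limit actually configured for the service.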

When reposting, please credit the original address: https://www.9cbs.com/read-47032.html
