
This is what happened:

client - sends SYN

server - sends ICMP (unreachable host [I also tried adding code = 10]), waits 100 ms, sends SYN-ACK

client - sends ACK in response to the SYN-ACK.

Shouldn't the client reset the TCP handshake when an ICMP unreachable host message was sent? Is there any way to cause the client to reset the connection by sending some kind of ICMP?

The test was done on 2 Ubuntu machines connected directly. In Wireshark I see that the ICMP was received before the SYN-ACK and the connection was not reset. The client runs telnet (on port 80) to the server. The server runs Apache. I simulate the ICMP before the SYN-ACK by using Python Scapy.

Thank you

Avihai Marchiano

1 Answer


Yes the client should stop attempting the connection... but:

  1. Many brain-dead ISPs block ICMP, or a subset of ICMP messages.
  2. Many NATs do not pass ICMP messages inward correctly.
  3. Many OSes block ICMP at their firewall.
  4. Many "security" suites block ICMP.
  5. Not all IP stacks respond to ICMP correctly.
  6. Not all applications/APIs respond to ICMP correctly.

With all that, the situation you described is not only more common than it should be but very common.

Chris S
  • I will add this data to the question. The test was done on 2 Ubuntu machines connected directly. In Wireshark I see that the ICMP was received before the SYN-ACK and the connection was not reset. – Avihai Marchiano Aug 06 '12 at 19:16
  • What's the application? What network API is it using? – Chris S Aug 06 '12 at 19:23
  • BSD's Telnet defers to the OS's implementation of sockets. It works perfectly on my FreeBSD box, so I can only assume that it's something in Linux. – Chris S Aug 06 '12 at 20:00
  • I also tried IE running on Windows as a client. Let me be sure: the scenario above, where both ICMP and SYN-ACK are sent, is working on your machine? – Avihai Marchiano Aug 06 '12 at 20:03
  • I'm not running Linux mind you, but yes, the moment the client receives the ICMP message `telnet` returns a `telnet: connect to address w.x.y.z: Permission denied` message. – Chris S Aug 06 '12 at 20:09
  • How did you simulate the unreachable host ICMP? – Avihai Marchiano Aug 06 '12 at 20:23
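
The sequence described in the question (SYN, ICMP host unreachable, then a SYN-ACK for the same connection) can be looked for in a capture. The Python below is an added example, not code from any poster in this thread: it parses the header quoted inside each ICMP type 3 message and reports flows where a SYN-ACK still follows the error. The event tuples, function names and the 192.0.2.x sample capture are assumptions constructed for illustration.

```python
import struct

def quoted_flow(icmp):
    """Parse an ICMP Destination Unreachable (type 3) message and return the
    (src, dst, sport, dport, seq) of the TCP segment it quotes, else None."""
    if len(icmp) < 36 or icmp[0] != 3:
        return None
    ip = icmp[8:]                      # quoted IPv4 header follows the 8-byte ICMP header
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6 or len(ip) < ihl + 8:
        return None                    # not IPv4, bad header length, not TCP, or truncated
    sport, dport, seq = struct.unpack("!HHI", ip[ihl:ihl + 8])
    dotted = lambda b: ".".join(map(str, b))
    return dotted(ip[12:16]), dotted(ip[16:20]), sport, dport, seq

def audit(events):
    """Walk time-ordered capture events and return findings as (kind, flow, icmp_code).
    Assumed event shapes: ('syn', src, dst, sport, dport, seq),
    ('synack', src, dst, sport, dport), ('icmp', raw_icmp_bytes)."""
    pending, errored, findings = {}, {}, []
    for ev in events:
        if ev[0] == "syn":
            pending[ev[1:5]] = ev[5]              # flow -> initial sequence number
        elif ev[0] == "icmp":
            q = quoted_flow(ev[1])
            if q is None:
                continue                          # not an unreachable quoting TCP
            code = ev[1][1]
            if q[:4] not in pending:
                findings.append(("icmp_unmatched", q[:4], code))
            elif q[4] != pending[q[:4]]:
                findings.append(("icmp_seq_mismatch", q[:4], code))
            else:
                errored[q[:4]] = code
        elif ev[0] == "synack":
            flow = (ev[2], ev[1], ev[4], ev[3])   # reverse to the client's view
            if flow in errored:
                findings.append(("synack_after_unreachable", flow, errored[flow]))
    return findings

def sample_icmp(code, src, dst, sport, dport, seq):
    """Constructed test input: type 3 message quoting an IPv4 + TCP header."""
    addr = lambda s: bytes(map(int, s.split(".")))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, addr(src), addr(dst))
    return struct.pack("!BBHI", 3, code, 0, 0) + ip + struct.pack("!HHI", sport, dport, seq)

# Constructed capture matching the question: SYN, host unreachable (code 1), SYN-ACK.
FLOW = ("192.0.2.10", "192.0.2.20", 40000, 80)
CAPTURE = [("syn", *FLOW, 1000),
           ("icmp", sample_icmp(1, *FLOW, 1000)),
           ("synack", "192.0.2.20", "192.0.2.10", 80, 40000)]

if __name__ == "__main__":
    print(audit(CAPTURE))
```

An `icmp_unmatched` or `icmp_seq_mismatch` finding means the quoted header does not correspond to a SYN the client actually has outstanding in the capture.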