Tod Beardsley over at BreakingPoint Labs has identified a rarely recognized section of RFC 793 that allows you to deviate from the normal three-way handshake. Rather than doing

    A ----syn-----> B
    A <---synack--- B
    A ----ack-----> B

which is the "normal" way of doing the three-way handshake, you can instead do:

    A ----syn-----> B
    A <---syn------ B
    A ----synack--> B
    A <---ack------ B

The change in direction could allow you to bypass stateful firewalls, bypass intrusion detection or prevention devices, and perhaps change the SYN flood or spoofing landscape. He has successfully tested this against the major operating systems.

Read the full post, containing packet captures and more, at http://www.breakingpointsystems.com/community/blog/tcp-portals-the-three-way-handshake-is-a-lie
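The reason a stateful device can lose track of the second exchange is that its connection tracker only models the first one. The following is an added example (not code from the post or from BreakingPoint) of a minimal per-flow TCP tracker run over both handshakes shown above. The packet tuples, the host names A and B, and the `rfc793_simultaneous_open` switch are constructed for illustration; the transition "SYN-SENT, receive SYN, send SYN/ACK, enter SYN-RECEIVED" is the one RFC 793 defines for simultaneous open, and a tracker that omits it ends up with no state for a flow that both endpoints consider established.

```python
"""Model of a middlebox TCP connection tracker, compared on the standard
three-way handshake and on the RFC 793 split handshake from the post.
Packets are constructed (sender, flags) tuples, not captures from the post.
"""

from enum import Enum


class State(Enum):
    CLOSED = "CLOSED"              # no SYN seen yet
    SYN_SENT = "SYN_SENT"          # initiator's SYN seen, waiting for the peer
    SIMULTANEOUS = "SIMULTANEOUS"  # peer answered with a bare SYN (RFC 793 simultaneous open)
    SYN_RECEIVED = "SYN_RECEIVED"  # a SYN/ACK was seen, waiting for the final ACK
    ESTABLISHED = "ESTABLISHED"
    INVALID = "INVALID"            # tracker gave up: it holds no state for this flow


# Constructed sample flows: the two handshakes shown on the page.
STANDARD_HANDSHAKE = [("A", {"SYN"}), ("B", {"SYN", "ACK"}), ("A", {"ACK"})]
SPLIT_HANDSHAKE = [("A", {"SYN"}), ("B", {"SYN"}),
                   ("A", {"SYN", "ACK"}), ("B", {"ACK"})]


def track(packets, rfc793_simultaneous_open=True):
    """Feed packets to a per-flow tracker and return its final state.

    rfc793_simultaneous_open=False models a naive device that only accepts
    SYN -> SYN/ACK -> ACK in one fixed direction.  Retransmissions, RSTs and
    data segments are deliberately not modelled.
    """
    state = State.CLOSED
    initiator = responder = None  # first SYN sender, and the other host
    ack_from = None               # host whose bare ACK completes the handshake
    for sender, flags in packets:
        syn, ack = "SYN" in flags, "ACK" in flags
        if state is State.CLOSED:
            if not (syn and not ack):
                return State.INVALID   # a flow must begin with a bare SYN
            initiator, state = sender, State.SYN_SENT
        elif state is State.SYN_SENT:
            if sender == initiator or not syn:
                return State.INVALID
            responder = sender
            if ack:
                ack_from, state = initiator, State.SYN_RECEIVED   # normal second leg
            elif rfc793_simultaneous_open:
                state = State.SIMULTANEOUS   # SYN-SENT + SYN: both sides now in SYN-RECEIVED
            else:
                return State.INVALID         # naive tracker loses the flow right here
        elif state is State.SIMULTANEOUS:
            if not (syn and ack):
                return State.INVALID
            # Whoever sends the SYN/ACK now waits for the other side's ACK.
            ack_from = responder if sender == initiator else initiator
            state = State.SYN_RECEIVED
        elif state is State.SYN_RECEIVED:
            if ack and not syn and sender == ack_from:
                state = State.ESTABLISHED
            else:
                return State.INVALID
        else:
            break  # ESTABLISHED: handshake complete
    return state


def compare():
    """Summarise how each tracker mode classifies each handshake."""
    return {
        "standard/naive": track(STANDARD_HANDSHAKE, False).value,
        "standard/rfc793": track(STANDARD_HANDSHAKE, True).value,
        "split/naive": track(SPLIT_HANDSHAKE, False).value,
        "split/rfc793": track(SPLIT_HANDSHAKE, True).value,
    }


if __name__ == "__main__":
    for flow, result in compare().items():
        print(f"{flow:17s} -> {result}")
```

The naive mode reports INVALID for the split handshake while both endpoints reach ESTABLISHED, which is exactly the gap the post describes: a device that then forwards packets for flows it has no state for is inspecting nothing. The fix on the defensive side is to implement the full RFC 793 state machine (as the `rfc793_simultaneous_open=True` branch does) or to reject a bare SYN answered in the SYN-SENT state and alert on it.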