Fix RST attack and add cross-references to it #9

- Fix RST example mentioning a wrong actor #9 - Add cross-references to RST packet information - Formulate RST flag scenario in a more clear way
undergroundwires · Oct 19, 2021 · 42bf482 · 42bf482
1 parent d7f471b
commit 42bf482
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 5 deletions.
diff --git a/chapters/03-scanning-networks/tcpip-basics.md b/chapters/03-scanning-networks/tcpip-basics.md
@@ -88,7 +88,9 @@
   - **Reset (`RST`)**
     - `1` aborts the connection in response
     - Sent from the receiver to the sender when a packet is sent to a particular host that was not expecting it.
-    - Also used to determine [whether a port is open](./scanning-techniques.md#rfc-793-scans)
+    - Also used as
+      - DDoS attack, see [`RST` attack](./../13-web-applications/denial-of-service.md#rst-attack)
+      - Scanning technique, see [RFC 793 scans](./scanning-techniques.md#rfc-793-scans)
 
 ### Finish (`FIN`) vs Reset (`RST`)
 

diff --git a/chapters/13-web-applications/denial-of-service.md b/chapters/13-web-applications/denial-of-service.md
@@ -124,15 +124,20 @@
   - Windows 3.1x, Windows 95 and Windows NT
   - Linux prior to versions 2.0.32 and 2.1.63
 
-##### RST attack
+##### `RST` attack
 
 - Also known as **TCP reset attack**
 - Attacker sends TCP packets with the `RST` flag set to `1` to host A, host B, or both using spoofed IPs
   - Causes termination of valid TCP connection between the two hosts.
 - Setting `RST` flag
-  - Indicates that receiving computer should immediately kills the TCP connection
-  - If computer A does not know that B has killed the communication (e.g. if computer B has crashed), it still sends the packets.
-    - Computer B in that case can send `RST` packet to computer B.
+  - Indicates that receiving computer should immediately kill the TCP connection
+  - An real-life scenario
+    1. Two computers (computer A and computer B) communicate with each other
+    2. Computer B kills the communication without knowledge of computer A
+       - E.g. computer B has crashed
+    3. Computer A continues to send packets to computer B
+    4. Computer B sends `RST` packet to computer A to kill the communication
+  - See also: [TCP flags](./../03-scanning-networks/tcpip-basics.md#tcp-flags)
 - 🤗 Used often for internet censorship e.g. • [The Great Firewall of China](https://en.wikipedia.org/wiki/Great_Firewall) • [Iranian Internet censors](https://en.wikipedia.org/wiki/Internet_censorship_in_Iran#Deep_packet_inspection).
 
 ### Application layer DoS attacks