[ale] TCP, Apache, & security

Fletch fletch at phydeaux.org
Thu Jul 13 17:11:30 EDT 2000



        A TCP connection is uniquely identified by the tuple (source
IP, source port, dest IP, dest port).  If a packet with a different
source address was sent after the initial handshake it would
essentially be dropped since the destination would have no record of
an established connection (one that had gone through the three-way
handshake) with that particular source IP and source port (i.e. the
server would send back a packet with the reset (RST) flag set to the
changed source IP and port, IIRC).  The original session would
eventually time out if the client never sent any further packets with
correct addresses. 

        The ORA `crab' book (_TCP/IP Network Administration_, can't
remember the ISBN but I think I've got the 1st ed anyhoo :) has a good 
explanation of how TCP works.  The RFC (can't remember the IP off
hand, but I want to say it's somewhere in the 400's or 500's for some
reason) is of course the definitive source for what happens.  There's
a nice ASCII state diagram showing what happens with different packets.

-- 
Fletch                | "If you find my answers frightening,       __`'/|
fletch at phydeaux.org   |  Vincent, you should cease askin'          \ o.O'
678 443-6239(w)       |  scary questions." -- Jules                =(___)=
                      |                                               U
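
The lookup described in the message above, as an added example that is not part of the original post: a simplified Python model of a server's connection table keyed on the 4-tuple. The `Server` class, the addresses, and the 300-second idle timeout are constructed assumptions; sequence-number checks and connection teardown are not modelled.

```python
# Added example (simplified model, not real TCP): no sequence numbers or teardown.
IDLE_TIMEOUT = 300.0  # assumed idle timeout in seconds (constructed value)

class Server:
    def __init__(self, ip, port):
        self.listen = (ip, port)
        self.conns = {}  # (src_ip, src_port, dst_ip, dst_port) -> [state, last_seen]

    def receive(self, src_ip, src_port, flags, now):
        """Return the server's reaction to one inbound segment."""
        key = (src_ip, src_port) + self.listen
        flags = set(flags)
        conn = self.conns.get(key)
        if conn is None:
            if "RST" in flags:
                return "DROP"            # a reset is never answered with a reset
            if flags == {"SYN"}:
                self.conns[key] = ["SYN_RCVD", now]
                return "SYN-ACK"         # start of a new three-way handshake
            return "RST"                 # no record of this tuple
        conn[1] = now
        if conn[0] == "SYN_RCVD" and "ACK" in flags:
            conn[0] = "ESTABLISHED"
        return "ACCEPT"

    def expire(self, now):
        """Drop connections idle longer than IDLE_TIMEOUT; return their keys."""
        stale = [k for k, (_, seen) in self.conns.items() if now - seen > IDLE_TIMEOUT]
        for k in stale:
            del self.conns[k]
        return stale

def demo():
    srv = Server("192.0.2.10", 80)       # constructed documentation addresses
    out = [
        srv.receive("198.51.100.5", 40000, ["SYN"], now=0),
        srv.receive("198.51.100.5", 40000, ["ACK"], now=1),
        srv.receive("198.51.100.99", 40000, ["ACK", "PSH"], now=2),  # changed source IP
        srv.receive("198.51.100.5", 40001, ["ACK", "PSH"], now=3),   # changed source port
        srv.receive("198.51.100.99", 40000, ["RST"], now=4),
    ]
    state = srv.conns[("198.51.100.5", 40000, "192.0.2.10", 80)][0]
    expired = srv.expire(now=302)        # original client went silent after t=1
    return out, state, expired

if __name__ == "__main__":
    print(demo())
```

The segments with a changed source IP or port never touch the original connection's entry, which stays ESTABLISHED until the idle timeout removes it.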