Score:1

Is a TCP RST packet with other flags set valid?


When I was researching some methods of DDoS protection I came across a firewall rule that limits packets with the RST bit set to 60 per second. Indeed it makes some sense. But it also doesn't check the other flags.
To me it seems that packets with the RST flag set and also some other flags set are invalid, so we can drop/reject them.

The question is: can we in practice see valid TCP RST packets with other TCP flags (bits) also set?

Here is the Linux iptables rule I'm talking about:

# --tcp-flags MASK COMP: examine the bits in MASK, match if exactly COMP are set.
# Mask RST, compare RST: matches any packet with RST set, whatever other flags it carries.
iptables -A INPUT -p tcp --tcp-flags RST RST -m limit --limit 2/s --limit-burst 2 -j ACCEPT

I think it should be something like:

# Mask ALL (FIN,SYN,RST,PSH,ACK,URG), compare RST: matches only packets where RST is the sole flag set.
iptables -A INPUT -p tcp --tcp-flags ALL RST -m limit --limit 2/s --limit-burst 2 -j ACCEPT

Source: IPtables DDoS Protection for VPS

Steffen Ullrich: RST with ACK is pretty normal. RST with SYN or FIN or URG not.

user9517: If you are trying to do DDoS protection on the system being DDoSed then you have pretty much lost already.

red0ct: @user9517 Okay, but I want to have the **right rules for packet validation** anyway.

red0ct: @SteffenUllrich Is there some source for this info, or is it from your practice? And what about PSH?
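As an added example (not code from the question or the commenters), the following script models what the two quoted iptables rules actually match and classifies RST packets by the other flags set alongside them. The valid/invalid split follows the comment above: RST alone or with ACK is treated as normal, RST combined with SYN, FIN or URG as invalid; RST with PSH is reported as unclassified because the thread leaves that question open. The raw TCP headers are constructed in the script itself, and the `build_tcp_header`, `classify_rst` and `tcp_flags_match` names are the example's own.

```python
"""Classify TCP RST packets by their accompanying flags and model iptables --tcp-flags.

Added example for this thread; assumptions: RST+ACK valid, RST with SYN/FIN/URG
invalid (per the comment above), RST+PSH deliberately left unclassified.
"""
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
# iptables' "ALL" keyword covers exactly these six flags.
ALL = FIN | SYN | RST | PSH | ACK | URG
FLAG_NAMES = {FIN: "FIN", SYN: "SYN", RST: "RST", PSH: "PSH", ACK: "ACK", URG: "URG"}

# The two rules quoted in the question, expressed as (mask, comp) pairs.
RULE_RST_ANY = (RST, RST)   # --tcp-flags RST RST : matches whenever RST is set
RULE_ONLY_RST = (ALL, RST)  # --tcp-flags ALL RST : matches only when RST is the sole flag


def build_tcp_header(flags: int, sport: int = 12345, dport: int = 80) -> bytes:
    """Constructed minimal 20-byte TCP header (checksum left zero) carrying FLAGS."""
    data_offset = 5 << 4  # 5 x 32-bit words = 20 bytes, no options
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, data_offset,
                       flags & 0xFF, 65535, 0, 0)


def flags_from_tcp_header(header: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header (RFC 793 layout).

    Byte 12 holds data offset/reserved, byte 13 holds the flag bits.
    """
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    return header[13] & ALL


def tcp_flags_match(flags: int, mask: int, comp: int) -> bool:
    """Model iptables' --tcp-flags MASK COMP: of the MASK bits, exactly COMP must be set."""
    return (flags & mask) == comp


def classify_rst(flags: int) -> str:
    """Classify a packet by what travels alongside its RST bit."""
    if not flags & RST:
        return "no-rst"
    others = flags & ~RST & ALL
    if others & (SYN | FIN | URG):
        return "rst-invalid"       # RST never legitimately travels with SYN, FIN or URG
    if others & ~ACK:
        return "rst-unclassified"  # e.g. RST+PSH: the thread leaves this open
    return "rst-valid"             # bare RST, or RST+ACK (reset of an existing connection)


def rules_hitting(flags: int) -> dict:
    """Which of the two quoted rules would see this packet."""
    return {"RST RST": tcp_flags_match(flags, *RULE_RST_ANY),
            "ALL RST": tcp_flags_match(flags, *RULE_ONLY_RST)}


def flag_names(flags: int) -> str:
    return ",".join(n for bit, n in FLAG_NAMES.items() if flags & bit) or "NONE"


if __name__ == "__main__":
    # Constructed sample packets: each header is built here, not captured.
    for f in (RST, RST | ACK, RST | SYN, RST | FIN | ACK, RST | PSH | ACK, SYN):
        got = flags_from_tcp_header(build_tcp_header(f))
        print(f"{flag_names(got):12s} {classify_rst(got):17s} {rules_hitting(got)}")
```

Running it shows the practical difference between the two rules: `--tcp-flags RST RST` sees every RST, including the RST+ACK that Steffen Ullrich calls normal, while `--tcp-flags ALL RST` matches only a bare RST and lets RST+ACK fall through to whatever rules follow. A rule that wants to single out the RST+SYN, RST+FIN and RST+URG combinations has to test for those bits explicitly rather than for "RST and nothing else".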