1. Field of the Invention
The present invention relates to the field of network communications and more particularly to network communications that involve TCP connections between two computing entities.
2. Description of the Related Art
The world wide web is currently the premier computer network for communicating both private and public information. The web is an open network that primarily uses a protocol called TCP/IP (Transmission Control Protocol/Internet Protocol). TCP/IP is the set of communications protocols that implement the protocol stack on which the web and most commercial networks run. One of the basic functions of the TCP/IP protocol is the ability to provide two computing entities with a TCP connection whereby data is exchanged in a duplex manner. Problems may arise, however, during the management of TCP connections between two computing entities, also referred to as “peers.”
Consider a TCP connection between a first and a second computer, wherein the TCP connection exists in an ESTABLISHED state. TCP connections can exist in various predefined states such as the ESTABLISHED state for a well-established TCP connection, the LISTEN state for a TCP connection that is in the process of forming and the CLOSED state for a TCP connection that has been closed. If the second computer, or peer, is rebooted unexpectedly, the TCP connection may remain in an ESTABLISHED state on the first computer provided the local connection endpoint does not send any data. After reboot, the second computer, or peer, may initiate a new TCP connection with the first computer reusing the same four-tuple. A TCP packet has a Source Address (SA), Destination Address (DA), Source Port (SP), and Destination Port (DP). The set of values SA, SP, DA, DP of a packet is called the four-tuple of the packet. The only existing method that allows the first computer to recognize that the original TCP connection has become stale and must be terminated is to send periodic “keepalive” test packets on that connection. However, the use of “keepalive” packets contributes to network congestion and can raise network costs. Further, because the first computer cannot detect a stale TCP connection, the first computer may become vulnerable to attack via the already existing TCP connection.
A TCP connection is established via a three-way handshake wherein a first computer sends a SYN (or synchronize) packet to the second computer, which responds by sending back a SYN-ACK (or synchronize acknowledge) packet. A SYN packet includes unique sequence and acknowledgement numbers. The handshake ends when the first computer sends an ACK (or acknowledge) packet to the second computer. An RST (or reset) packet can reset a TCP connection.
If a TCP connection between a first and second computer goes stale, the first computer may receive a new SYN message. One approach to the problem defined above involves the first computer sending an RST packet to the second computer including sequence and acknowledgement numbers that match the new SYN. This terminates the new connection with the second computer but the old connection is never terminated. As such, no new connection is able to reuse the original four-tuple. This may cause processing overhead which is not desirable.
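The following is an added illustration of the situation just described, not code from the patent or from any implementation it covers. It parses constructed IPv4/TCP headers into their four-tuple and flags, keeps a local connection table keyed by that four-tuple, and classifies an incoming segment so that a fresh SYN arriving on a four-tuple the local host still holds as ESTABLISHED is surfaced as a distinct event (the symptom of the peer reboot above). The addresses, ports and sequence numbers are constructed sample values; the names ConnectionTable, build_packet and classify are the example's own.

```python
"""Flag a SYN arriving on a four-tuple the local host still considers
ESTABLISHED, the stale-connection / peer-reboot symptom described above.
Added illustration, not the patent's code; all packets are constructed here."""
import struct
from dataclasses import dataclass

# TCP flag bits (low byte of the data-offset/flags word)
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
ESTABLISHED, LISTEN, CLOSED = "ESTABLISHED", "LISTEN", "CLOSED"


@dataclass(frozen=True)
class FourTuple:
    """SA, SP, DA, DP of a packet, exactly as seen on the wire."""
    sa: str
    sp: int
    da: str
    dp: int


def _ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def _ip_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def build_packet(sa, sp, da, dp, flags, seq=0, ack=0) -> bytes:
    """Constructed IPv4 + TCP header: no options, no payload, zero checksums."""
    total_len = 20 + 20
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     _ip_bytes(sa), _ip_bytes(da))
    # data offset 5 (20-byte header) in the top 4 bits, flags in the low 9
    tcp = struct.pack("!HHIIHHHH", sp, dp, seq, ack, (5 << 12) | flags,
                      65535, 0, 0)
    return ip + tcp


def parse_packet(raw: bytes):
    """Return (four_tuple, flags, seq, ack) for an IPv4 packet carrying TCP."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4          # IPv4 header length in bytes
    if raw[9] != 6:                    # protocol field: 6 = TCP
        raise ValueError("not a TCP segment")
    tcp = raw[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sp, dp, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    ft = FourTuple(_ip_str(raw[12:16]), sp, _ip_str(raw[16:20]), dp)
    return ft, off_flags & 0x1FF, seq, ack


class ConnectionTable:
    """The first computer's view of its connections, keyed by the four-tuple
    of *incoming* packets (remote SA/SP first, local DA/DP second)."""

    def __init__(self):
        self.conns = {}  # FourTuple -> state name

    def establish(self, remote_ip, remote_port, local_ip, local_port):
        self.conns[FourTuple(remote_ip, remote_port, local_ip, local_port)] = ESTABLISHED

    def classify(self, raw: bytes) -> str:
        """Name the event an incoming segment represents for our table."""
        ft, flags, seq, ack = parse_packet(raw)
        state = self.conns.get(ft, CLOSED)
        is_syn = bool(flags & SYN) and not (flags & ACK)
        if is_syn and state == ESTABLISHED:
            # The peer is opening a new handshake on a four-tuple we still hold
            # as ESTABLISHED: the stale connection the text says keepalives
            # would otherwise be needed to discover.
            return "SYN_ON_ESTABLISHED"
        if is_syn:
            return "SYN_NEW"
        if flags & RST:
            return "RST_ON_" + state
        return "SEGMENT_ON_" + state


def demo():
    """Constructed scenario: 10.0.0.2:40000 -> 10.0.0.1:443 is ESTABLISHED,
    then the peer reboots and sends a fresh SYN reusing the same four-tuple."""
    table = ConnectionTable()
    table.establish("10.0.0.2", 40000, "10.0.0.1", 443)
    data = build_packet("10.0.0.2", 40000, "10.0.0.1", 443, ACK, seq=1000, ack=5000)
    fresh_syn = build_packet("10.0.0.2", 40000, "10.0.0.1", 443, SYN, seq=777)
    unknown_syn = build_packet("10.0.0.3", 40000, "10.0.0.1", 443, SYN, seq=1)
    return [table.classify(p) for p in (data, fresh_syn, unknown_syn)]


if __name__ == "__main__":
    print(demo())
```

The table only classifies; it deliberately does not decide how to answer the SYN, since which reply (RST matching the new SYN, RST matching the old connection, or ACK matching the old connection) the first computer should send is exactly the question the following paragraphs examine. In a real stack the SYN_ON_ESTABLISHED event is the point at which that decision, and any logging of a suspected peer reboot, would be made.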
Another approach to the problem defined above involves the first computer sending to the second computer an RST packet with sequence and acknowledgement numbers that match the original TCP connection. This exposes the first computer to attack from an attacker who knows or is able to guess the original TCP connection's four-tuple. Using this information, an attacker can coax the first computer into thinking that the attacker is actually the second computer, thereby gaining trusted status with the first computer and ultimately causing the closure of an existing valid TCP connection. This is unacceptable from a security standpoint.
A final approach to this problem involves the first computer sending to the second computer an ACK packet having sequence and acknowledgement numbers that match the old connection. The TCP standards, however, do not permit the second computer to respond to the unexpected sequence and acknowledgement numbers with an RST packet, so this approach will not allow the old connection to be terminated or the new connection to be established. Thus, no new connection is able to reuse the four-tuple of the original TCP connection.
Therefore, there is a need to overcome the deficiencies of the prior art and, more particularly, for a more efficient way to detect and correct for the reboot of a peer on a TCP connection.