TCP is one of the main end-to-end protocols for Internet communications. It provides functionality complementary to the Internet Protocol (IP) so that such communications are reliable, ordered and error-checked. TCP receives the data to be communicated as a data stream, divides it, and adds a TCP header to each piece to define successive TCP segments, sometimes referred to as packets. The TCP header is described by various protocol definitions such as Request for Comments (RFC) 793, entitled “TRANSMISSION CONTROL PROTOCOL, DARPA INTERNET PROGRAM PROTOCOL SPECIFICATION”, dated September 1981 and prepared for the Defense Advanced Research Projects Agency (DARPA). Supplemental documents such as RFC 5961, entitled “Improving TCP's Robustness to Blind In-Window Attacks” and dated August 2010, further describe how TCP segments are to be handled in specific situations. Both RFC 793 and RFC 5961 are published by the Internet Engineering Task Force (IETF) at ietf.org and are incorporated herein by reference.
A spoofed TCP RST (reset) segment is a common tool used by hackers as well as by network security devices to disrupt TCP traffic. For example, a security device may use a TCP RST segment to terminate a TCP connection that violates a security policy. In this usage, the TCP RST segment is a spoofed packet intended to cause termination of the TCP connection. Newer TCP stacks (e.g. software implementing the TCP or TCP/IP protocol layers) apply more restrictive controls to the processing of a TCP RST segment, such that spoofing an RST segment to successfully terminate a TCP connection has become more difficult. Such stacks may implement RFC 5961, for example. This can be good for some security aspects, but it can make it more challenging for an out-of-band security device, such as one monitoring traffic for security purposes, to disrupt unwanted TCP traffic.
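As an added illustration that is not part of this document, the following Python models the RST acceptance rule of RFC 793 beside the stricter rule of RFC 5961 section 3.2, and counts how many of the 2^32 sequence values reset a connection under each; the state names follow RFC 793, while the class and function names are hypothetical.

```python
# Model of TCP RST validation under RFC 793 versus RFC 5961 section 3.2.
# Illustrative code; RcvState and the handle_rst_* names are hypothetical.
from dataclasses import dataclass

SEQ_MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


@dataclass
class RcvState:
    """Receive-side state of one connection, using RFC 793 names."""
    rcv_nxt: int  # next sequence number expected from the peer
    rcv_wnd: int  # current receive window size


def in_window(seq: int, st: RcvState) -> bool:
    """RCV.NXT <= SEQ < RCV.NXT + RCV.WND, evaluated modulo 2^32."""
    return (seq - st.rcv_nxt) % SEQ_MOD < st.rcv_wnd


def handle_rst_rfc793(seq: int, st: RcvState) -> str:
    """Classic rule: any in-window RST tears the connection down."""
    return "RESET" if in_window(seq, st) else "DROP"


def handle_rst_rfc5961(seq: int, st: RcvState) -> str:
    """RFC 5961 section 3.2: only an RST whose SEQ is exactly RCV.NXT
    resets.  An RST elsewhere in the window is answered with a
    'challenge ACK' (carrying RCV.NXT) and dropped; a genuine peer that
    really has closed then replies with an exact-match RST, whereas a
    sender that never sees the challenge ACK cannot complete that step."""
    if seq == st.rcv_nxt:
        return "RESET"
    if in_window(seq, st):
        return "CHALLENGE_ACK"
    return "DROP"


def resetting_sequences(rule, st: RcvState) -> int:
    """Count sequence values that reset the connection under `rule`.
    Only in-window values can reset under either rule, so scanning the
    window plus one value on each edge is exhaustive."""
    lo = st.rcv_nxt - 1
    return sum(rule((lo + i) % SEQ_MOD, st) == "RESET"
               for i in range(st.rcv_wnd + 2))


if __name__ == "__main__":
    st = RcvState(rcv_nxt=1000, rcv_wnd=65535)  # constructed sample state
    print("RFC 793 :", resetting_sequences(handle_rst_rfc793, st))   # 65535
    print("RFC 5961:", resetting_sequences(handle_rst_rfc5961, st))  # 1
```

The count drops from the full window size to a single value, which is why an out-of-band device must inject an RST at exactly RCV.NXT or be prepared to answer the challenge ACK.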