
Re: [lwip-users] TCP SYN to UDP port


From: Esa Hill
Subject: Re: [lwip-users] TCP SYN to UDP port
Date: Mon, 18 Apr 2016 10:32:42 +0000

Thank you for this information. We will implement an option for this if the 
certification lab elevates this issue.
I already studied it a bit, but I wasn't sure where I could get information 
that we are handling a UDP socket there. Or could I assume that it's not a TCP 
socket and therefore skip the RST?

I forgot to say that we have a list of open ports and we will drop all IPv4 
packets in the Ethernet driver layer if we don't have the destination port open. 
That is why there are no RST responses to the other ports. This has been done 
just to save resources.

Br,
Esa Hill

-----Original Message-----
From: lwip-users [mailto:address@hidden] On Behalf Of Simon Goldschmidt
Sent: 18 April 2016 10:45
To: address@hidden
Subject: Re: [lwip-users] TCP SYN to UDP port


Esa Hill wrote:
> When nmap scan is executed against our device (LwIP 1.4.1), it 
> responds with RST for SYN even when the socket/port is listening only UDP 
> “connections”.
> 
> Is this correct behavior (does some RFC say something about this?) or 
> should it just drop silently the SYN packet as it does for unused ports?
> This came up in one certification process (they see it as a problem).

Yes, this is correct behaviour. Any correct packet that does not match a pcb 
should be answered with RST (unless it is a RST itself).
Not sending a RST in response is often done by devices to "hide" their 
presence, but I'm not sure this is really safer to do...
Also I can't tell you right now if there is an lwIP setting to do so, but I 
think not.
 
> Nmap results:
> 49998/tcp filtered unknown
> 49999/tcp filtered unknown
> 50000/tcp closed ibm-db2
> 50001/tcp filtered unknown
> 50002/tcp filtered iiimsf

That's strange. You should see a RST on all ports. Unless you have a resource 
problem.
As Sergio already said there is absolutely no interconnection between UDP and 
TCP.

Simon

_______________________________________________
lwip-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/lwip-users
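
Added example, not code from this thread or from lwIP: a sketch of the driver-level port filter described in the message above, assuming the existing open-port list is matched on port number alone. Keying the list on protocol as well means a TCP SYN to a UDP-only port is dropped before the stack sees it, like a SYN to any other closed port. The table contents, function names and sample packets are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { PROTO_TCP = 6, PROTO_UDP = 17 };
enum verdict { PASS_TO_STACK, DROP };

/* Hypothetical open-port table keyed on (protocol, port); entries are constructed. */
static const struct { uint8_t proto; uint16_t port; } open_ports[] = {
    { PROTO_UDP, 50000 },  /* UDP-only service on the port from the scan */
    { PROTO_TCP, 80 },     /* assumed TCP service */
};

/* ip points at the IPv4 header, i.e. just past the Ethernet header. */
enum verdict filter_ipv4(const uint8_t *ip, size_t len)
{
    if (len < 20 || (ip[0] >> 4) != 4) return DROP;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;        /* header length incl. options */
    if (ihl < 20 || len < ihl) return DROP;
    uint8_t proto = ip[9];
    if (proto != PROTO_TCP && proto != PROTO_UDP) return PASS_TO_STACK; /* ICMP etc. */
    /* Non-first fragments carry no L4 header; this sketch leaves them to the stack. */
    if ((((ip[6] & 0x1f) << 8) | ip[7]) != 0) return PASS_TO_STACK;
    if (len < ihl + 4) return DROP;                 /* ports would be truncated */
    uint16_t dport = (uint16_t)((ip[ihl + 2] << 8) | ip[ihl + 3]);
    for (size_t i = 0; i < sizeof open_ports / sizeof open_ports[0]; i++)
        if (open_ports[i].proto == proto && open_ports[i].port == dport)
            return PASS_TO_STACK;
    return DROP;   /* includes a TCP SYN aimed at a UDP-only port */
}

/* Builds a constructed minimal packet (20-byte header + ports) and filters it. */
enum verdict check_sample(uint8_t proto, uint16_t dport)
{
    uint8_t pkt[24] = { 0x45 };                     /* version 4, IHL 5 */
    pkt[9] = proto;
    pkt[22] = (uint8_t)(dport >> 8);
    pkt[23] = (uint8_t)(dport & 0xff);
    return filter_ipv4(pkt, sizeof pkt);
}

int main(void)
{
    printf("TCP/50000: %s\n", check_sample(PROTO_TCP, 50000) == DROP ? "drop" : "pass");
    printf("UDP/50000: %s\n", check_sample(PROTO_UDP, 50000) == DROP ? "drop" : "pass");
    return 0;
}
```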
