The attack is believed to be a key component of China’s Great Firewall, used by the Chinese government to censor the internet inside China.
The GFW may sometimes also want to allow a connection to be made, but to then kill it halfway through.
Against long-lived connections.
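Concerning IPsec: authentication at the IP level.
Even with TLS, protocols built on TCP remain exposed; TLS is ineffective here.
Reconstructing segments into a stream (reassembling the TCP packets) requires care, because the internet is not reliable.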
A successful TCP reset attack therefore requires a believable sequence number.
The principle is still to inject a single packet that brings down the whole connection.
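A UDP "connection" is one-way: calling connect generates no network traffic at all; it merely binds a five-tuple in the kernel protocol stack. The five-tuple is: UDP protocol / source IP / source port / destination IP / destination port.
UDP: the IP protocol with port multiplexing.
Both UDP endpoints communicate in fixed-length 512-byte packets each time.
Multipoint communication.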