TCP reset attack
(also forged TCP reset, spoofed TCP reset, TCP RST)
TCP reset attack definition
A TCP reset attack is a type of denial-of-service attack that aims to terminate an established TCP connection between two parties using fake TCP reset packets. TCP reset attacks can disrupt online services, overwhelm servers, or even hijack user sessions to let attackers gain unauthorized access to the system.
See also: cyberattack, TCP handshake, session hijacking
How a TCP reset attack works
In a TCP reset attack, the hacker sends fake TCP reset packets (control messages that allow one party to unilaterally terminate a TCP connection, typically when an error occurs or the connection needs to be forcefully closed) to one or both parties. The fake reset packet appears to be coming from a legitimate source, causing the receiving party to terminate the connection.
Stopping TCP reset attacks
- Use firewalls and intrusion detection systems to identify and filter out suspicious network traffic, including forged reset packets.
- Monitor network traffic for unusual patterns, such as a sudden surge in reset packets or unexpected terminations of established connections.
- Implement secure communication protocols (such as Transport Layer Security) to encrypt TCP connections, making it harder for attackers to tamper with them.