The Three-way handshake

When two devices want to communicate with each other, they need to establish a connection first. The three-way handshake is one of the most common ways to do this.

The three-way handshake is also known as the SYN-ACK-SYN sequence. It works like this:

  1. The first device (let's call it Device A) sends a SYN signal to the second device (Device B).

  2. Device B responds with a SYN-ACK signal, which means "I got your SYN signal, and I'm sending you a SYN signal of my own".

  3. Device A responds with an ACK signal, which means "I got your SYN-ACK signal".

At this point, the connection is established and the two devices can start communicating with each other.

The three-way handshake is used not just by two devices, but by two networks as well. When two networks want to communicate with each other, they first need to establish a connection, and the handshake works the same way:

  1. The first network (let's call it Network A) sends a SYN signal to the second network (Network B).

  2. Network B responds with a SYN-ACK signal, which means "I got your SYN signal, and I'm sending you a SYN signal of my own".

  3. Network A responds with an ACK signal, which means "I got your SYN-ACK signal".

At this point, the connection is established and the two networks can start communicating with each other.

However, the three-way handshake is not without its flaws. There are a few different types of attacks that can be used to exploit the three-way handshake.

The first type of attack is called a SYN flood. In a SYN flood, the attacker sends a large number of SYN signals to a victim. The victim responds with a SYN-ACK signal for each SYN signal it receives, but the attacker never responds with an ACK signal. As a result, the victim's resources are quickly exhausted and it can no longer respond to legitimate traffic.
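Detection logic for the SYN flood described above, as an added example that is not part of the original page: it replays constructed packet records and counts, per listening address and port, the handshakes that got a SYN-ACK but never the final ACK. The record layout, the flag strings `S`/`SA`/`A`, the documentation-range addresses, the timeout and the threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed records: (time_s, src_ip, src_port, dst_ip, dst_port, flags)."""
    server = "198.51.100.5"
    # One legitimate client completes all three steps.
    pkts = [(0.00, "192.0.2.10", 40000, server, 443, "S"),
            (0.01, server, 443, "192.0.2.10", 40000, "SA"),
            (0.02, "192.0.2.10", 40000, server, 443, "A")]
    # 200 SYNs that the server answers but that are never acknowledged.
    for i in range(200):
        src, t = f"203.0.113.{i + 1}", 1.0 + i * 0.001
        pkts.append((t, src, 1024 + i, server, 443, "S"))
        pkts.append((t + 0.0005, server, 443, src, 1024 + i, "SA"))
    return sorted(pkts)

def half_open_by_listener(packets, now, timeout=3.0):
    """Return {(server_ip, server_port): n} for handshakes stuck after SYN-ACK."""
    state = {}  # (client_ip, client_port, server_ip, server_port) -> (stage, time)
    for t, src, sport, dst, dport, flags in packets:
        if flags == "S":                      # step 1: client -> server
            state[(src, sport, dst, dport)] = ("SYN", t)
        elif flags == "SA":                   # step 2: server -> client
            key = (dst, dport, src, sport)
            if key in state:
                state[key] = ("SYN-ACK", t)
        elif flags == "A":                    # step 3: client -> server
            key = (src, sport, dst, dport)
            if state.get(key, ("", 0.0))[0] == "SYN-ACK":
                del state[key]                # handshake completed
    counts = defaultdict(int)
    for (_, _, sip, sp), (stage, t) in state.items():
        if stage == "SYN-ACK" and now - t >= timeout:
            counts[(sip, sp)] += 1            # still waiting for the ACK
    return dict(counts)

def flood_suspects(packets, now, threshold=100):
    """Listeners whose count of stale half-open handshakes reaches the threshold."""
    stuck = half_open_by_listener(packets, now)
    return [listener for listener, n in stuck.items() if n >= threshold]

if __name__ == "__main__":
    sample = build_sample()
    print(half_open_by_listener(sample, now=10.0))
    print(flood_suspects(sample, now=10.0))
```
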

The second type of attack is called a SYN cookies attack. In a SYN cookies attack, the attacker sends a SYN signal to the victim, but includes a cookie in the SYN-ACK signal. The victim then responds with an ACK signal that includes the cookie. The attacker can use this cookie to impersonate the victim and establish illegitimate connections.

The third type of attack is called a spoofing attack. In a spoofing attack, the attacker sends a SYN signal to the victim, but includes a fake IP address in the SYN-ACK signal. The victim then responds with an ACK signal, but the attacker never receives it because the ACK is sent to the fake IP address. As a result, the attacker can establish a connection with the victim without the victim ever knowing.

Each of these attacks can be used to exploit the three-way handshake and establish illegitimate connections. As a result, it is important to be aware of these attacks and take steps to protect yourself from them.