Inappropriate TCP Resets Considered Harmful
Network Working Group                                           S. Floyd
Request for Comments: 3360                                          ICIR
BCP: 60                                                      August 2002
Category: Best Current Practice
Inappropriate TCP Resets Considered Harmful
Status of this Memo
This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for
improvements. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract
This document is being written because there are a number of
firewalls in the Internet that inappropriately reset a TCP connection
upon receiving certain TCP SYN packets, in particular, packets with
flags set in the Reserved field of the TCP header. In this document
we argue that this practice is not conformant with TCP standards, and
is an inappropriate overloading of the semantics of the TCP reset.
We also consider the longer-term consequences of this and similar
actions as obstacles to the evolution of the Internet infrastructure.
1. Introduction
TCP uses the RST (Reset) bit in the TCP header to reset a TCP
connection. Resets are appropriately sent in response to a
connection request to a nonexistent connection, for example. The TCP
receiver of the reset aborts the TCP connection, and notifies the
application [RFC 793, RFC 1122, Ste94].
Unfortunately, a number of firewalls and load-balancers in the
current Internet send a reset in response to a TCP SYN packet that
uses flags from the Reserved field in the TCP header. Section 3 below
discusses the specific example of firewalls that send resets in
response to TCP SYN packets from ECN-capable hosts.
This document is being written to inform administrators of web
servers and firewalls of this problem, in an effort to encourage the
deployment of bug-fixes [FIXES]. A second purpose of this document
is to consider the longer-term consequences of such middlebox
behavior on the more general evolution of protocols in the Internet.
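The following is an added example, not part of RFC 3360, showing how to tell a
conformant reset apart from the middlebox behaviour described above. It parses
the TCP header, reports which RFC 793 Reserved bits a SYN carries (an ECN-setup
SYN sets ECE and CWR, per RFC 3168), and classifies a RST by comparing it with
the reply to the same SYN retried with those bits cleared (the fallback RFC 3168
describes). All packets are constructed; the function names are this example's own.

```python
import struct

# Flag bits in the 16-bit data-offset/reserved/flags word. RFC 793 marks the six
# bits above URG as Reserved; RFC 3168 later assigned two of them to ECN (ECE, CWR).
FLAGS = {"FIN": 0x001, "SYN": 0x002, "RST": 0x004, "PSH": 0x008,
         "ACK": 0x010, "URG": 0x020, "ECE": 0x040, "CWR": 0x080}
RFC793_RESERVED_MASK = 0x0FC0   # bits a pre-ECN middlebox treats as "must be zero"

def build_tcp(sport, dport, seq, ack, flags, window=65535):
    """Constructed 20-byte TCP header (no options, checksum left zero)."""
    word = (5 << 12) | sum(FLAGS[f] for f in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, word, window, 0, 0)

def parse_tcp(data):
    """Decode the fixed TCP header, keeping the raw RFC 793 Reserved bits."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, word, window, _csum, _urg = struct.unpack("!HHIIHHHH", data[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
            "flags": {n for n, b in FLAGS.items() if word & b},
            "reserved": word & RFC793_RESERVED_MASK}

def is_ecn_setup_syn(hdr):
    """RFC 3168 ECN-setup SYN: SYN with ECE and CWR set, ACK clear."""
    return hdr["flags"] == {"SYN", "ECE", "CWR"}

def answers(req, resp):
    """resp travels back along req's ports (ports swapped)."""
    return resp["sport"] == req["dport"] and resp["dport"] == req["sport"]

def classify_reset(syn_bytes, reply_bytes, plain_retry_bytes, plain_reply_bytes):
    """Diagnose a RST to a reserved-bit SYN by comparing it with a retry of the
    same SYN with those bits cleared: RST to both means the port is closed
    (a conformant reset); RST only to the reserved-bit SYN is the middlebox
    behaviour RFC 3360 describes."""
    syn, reply = parse_tcp(syn_bytes), parse_tcp(reply_bytes)
    retry, retry_reply = parse_tcp(plain_retry_bytes), parse_tcp(plain_reply_bytes)
    if not (answers(syn, reply) and answers(retry, retry_reply)):
        return "unrelated"
    if "RST" not in reply["flags"]:
        return "no-reset"
    if syn["reserved"] == 0 or retry["reserved"] != 0:
        return "inconclusive"            # test needs a reserved-bit SYN and a clean retry
    if "RST" in retry_reply["flags"]:
        return "conformant-reset"        # closed port: reset regardless of the bits
    if {"SYN", "ACK"} <= retry_reply["flags"]:
        return "reserved-bit-reset"      # only the reserved/ECN SYN was reset
    return "inconclusive"
```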
Floyd Best Current Practice