2025-04-29 11:43:00 +00:00

Some ideas for XDP-based TCP filtering

| Flag Combination | Flags Set (Hex) | Purpose | IP+TCP Size (headers + payload) | Ethernet Frame Size | XDP Filtering Logic |
|---|---|---|---|---|---|
| SYN | 0x02 | Initiates connection | 40–59 bytes | 64–77 bytes | Rate limit SYN packets per source IP to prevent floods. Drop if rate exceeds threshold. |
| SYN-ACK | 0x12 | Acknowledges SYN | 40–59 bytes | 64–77 bytes | Validate against recent SYN requests using eBPF maps. Drop if no matching SYN. |
| ACK | 0x10 | Acknowledges data | 40 bytes | 64 bytes | Allow for established connections. Rate limit to prevent ACK floods. |
| PSH-ACK | 0x18 | Pushes data | 40–1500 bytes | 64–1518 bytes | Allow for data transfer. Rate limit large packets to prevent floods. |
| FIN-ACK | 0x11 | Closes connection | 40 bytes | 64 bytes | Allow for connection closure. Drop if part of a FIN scan (no prior SYN). |
| RST | 0x04 | Resets connection | 40 bytes | 64 bytes | Allow for error handling. Drop if part of a reset attack (high rate from single IP). |
| NULL | 0x00 | Invalid (no flags) | 40 bytes | 64 bytes | Drop immediately as invalid/malicious. |
| XMAS | 0x29 (FIN+PSH+URG) | Probing attack | 40 bytes | 64 bytes | Drop immediately as invalid/malicious. |
| SYN-FIN | 0x03 | Invalid combination | 40 bytes | 64 bytes | Drop immediately as invalid. |
| URG-ACK | 0x30 | Urgent data (rare) | 40 bytes | 64 bytes | Allow if rare, but monitor for anomalies. |
| ACK-PSH-URG | 0x38 | Data with urgent flag | 40–1500 bytes | 64–1518 bytes | Allow for specific use cases, but rate limit to prevent abuse. |
| SYN-RST | 0x06 | Invalid combination | 40 bytes | 64 bytes | Drop immediately as invalid. |
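The "drop immediately" rows and the per-source SYN rate limit from the table, written out as a userspace C model of the XDP verdict path. This is an example added here, not code from the page or its author. The verdict values copy the kernel's `enum xdp_action`; the SYN threshold, the 1-second window, the table size and the sample frames are constructed for illustration; the SYN-FIN and SYN-RST rules are generalized to any flag set that contains both bits (the table lists only the exact 0x03 and 0x06 values). A real XDP program would be compiled with clang for the bpf target and keep the counter in a BPF hash map; the length checks here stand in for the `data`/`data_end` checks the verifier enforces. The SYN-ACK validation row is not modelled, because it needs state about SYNs the hook may not have seen.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Verdict codes with the same values as enum xdp_action in linux/bpf.h. */
enum { XDP_DROP = 1, XDP_PASS = 2 };

/* TCP flag bits as they appear in byte 13 of the TCP header. */
enum { TH_FIN = 0x01, TH_SYN = 0x02, TH_RST = 0x04,
       TH_PSH = 0x08, TH_ACK = 0x10, TH_URG = 0x20 };

#define ETH_HLEN      14
#define ETH_P_IP      0x0800
#define IP_PROTO_TCP  6
#define TCP_HLEN_MIN  20

/* Constructed policy: more than SYN_LIMIT pure SYNs from one source inside one
 * SYN_WINDOW_NS window is treated as a flood.  The static table stands in for a
 * BPF hash map keyed on the source address. */
#define SYN_LIMIT      3
#define SYN_WINDOW_NS  1000000000ULL
#define MAX_SOURCES    64

struct syn_bucket { uint32_t saddr; uint32_t count; uint64_t window_start; };
static struct syn_bucket syn_table[MAX_SOURCES];

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Fixed-window counter; returns 1 when this SYN exceeds the per-source limit. */
static int syn_rate_exceeded(uint32_t saddr, uint64_t now_ns)
{
    struct syn_bucket *free_slot = NULL;
    for (size_t i = 0; i < MAX_SOURCES; i++) {
        struct syn_bucket *b = &syn_table[i];
        if (b->count != 0 && b->saddr == saddr) {
            if (now_ns - b->window_start >= SYN_WINDOW_NS) {  /* new window */
                b->window_start = now_ns;
                b->count = 0;
            }
            return ++b->count > SYN_LIMIT;
        }
        if (b->count == 0 && free_slot == NULL)
            free_slot = b;
    }
    if (free_slot == NULL)
        return 0;                      /* table full: pass, as a failed map update would */
    free_slot->saddr = saddr;
    free_slot->window_start = now_ns;
    free_slot->count = 1;
    return 0;
}

/* Classify one Ethernet frame.  Each header is length-checked before it is read,
 * mirroring the data/data_end checks the BPF verifier demands of an XDP program. */
int tcp_flag_verdict(const uint8_t *data, size_t len, uint64_t now_ns)
{
    if (len < ETH_HLEN || be16(data + 12) != ETH_P_IP)
        return XDP_PASS;                                  /* not IPv4: out of scope here */
    if (len < ETH_HLEN + 20)
        return XDP_DROP;                                  /* truncated IPv4 header */
    const uint8_t *ip = data + ETH_HLEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < 20 || len < ETH_HLEN + ihl)
        return XDP_DROP;                                  /* bad IHL or options cut off */
    if (ip[9] != IP_PROTO_TCP)
        return XDP_PASS;                                  /* not TCP */
    if (len < ETH_HLEN + ihl + TCP_HLEN_MIN)
        return XDP_DROP;                                  /* truncated TCP header */
    const uint8_t *tcp = ip + ihl;
    uint8_t flags = tcp[13] & (TH_FIN | TH_SYN | TH_RST | TH_PSH | TH_ACK | TH_URG);

    /* Rows the table marks "drop immediately": NULL, XMAS, SYN-FIN, SYN-RST. */
    if (flags == 0)                                         return XDP_DROP;
    if (flags == (TH_FIN | TH_PSH | TH_URG))                return XDP_DROP;
    if ((flags & (TH_SYN | TH_FIN)) == (TH_SYN | TH_FIN))   return XDP_DROP;
    if ((flags & (TH_SYN | TH_RST)) == (TH_SYN | TH_RST))   return XDP_DROP;

    /* Pure SYN: per-source rate limit from the first row of the table. */
    if (flags == TH_SYN && syn_rate_exceeded(be32(ip + 12), now_ns))
        return XDP_DROP;

    return XDP_PASS;            /* ACK, PSH-ACK, FIN-ACK, RST, URG-ACK and the rest */
}

/* Build a constructed 54-byte frame: Ethernet + IPv4 + TCP, no options, no payload. */
size_t build_tcp_frame(uint8_t *buf, size_t cap, uint32_t saddr, uint8_t flags)
{
    if (cap < 54) return 0;
    memset(buf, 0, 54);
    buf[12] = 0x08; buf[13] = 0x00;                       /* EtherType IPv4 */
    uint8_t *ip = buf + ETH_HLEN;
    ip[0] = 0x45;                                         /* version 4, IHL 5 */
    ip[3] = 40;                                           /* total length 40 */
    ip[8] = 64;                                           /* TTL */
    ip[9] = IP_PROTO_TCP;
    ip[12] = (uint8_t)(saddr >> 24); ip[13] = (uint8_t)(saddr >> 16);
    ip[14] = (uint8_t)(saddr >> 8);  ip[15] = (uint8_t)saddr;
    uint8_t *tcp = ip + 20;
    tcp[12] = 0x50;                                       /* data offset 5 (20 bytes) */
    tcp[13] = flags;
    return 54;
}

int main(void)
{
    uint8_t frame[64];
    size_t n = build_tcp_frame(frame, sizeof frame, 0x0a000001u, 0x29);
    printf("XMAS frame: %s\n", tcp_flag_verdict(frame, n, 0) == XDP_DROP ? "DROP" : "PASS");
    return 0;
}
```

Two design points carry over to the real program: the flag byte is masked so that ECN bits (CWR/ECE) do not stop a SYN from being recognized as a SYN, and a full counter table fails open, which is the same behaviour a failed `bpf_map_update_elem` would give unless the program explicitly chooses to drop.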
Description: TCP Flag Combinations
https://www.t-w.dev