Network Protocols and Algorithms

Many network engineers might presume that the TCP three way handshake is the one, inviolate method of establishing TCP connections. A smaller percentage of engineers are also familiar with the little-used "simultaneous-open" connection method of establishing TCP connections. Researchers have discovered a third means to initiate TCP sessions, dubbed the "split handshake" method, which blends features of both the three way handshake and the simultaneous-open connection. Popular TCP/IP networking stacks respect this novel handshaking method, including Microsoft, Apple, and Linux stacks, with no modification. However, the effects of the split handshake method of session establishment on session aware devices, such as NAT gateways, intrusion detection devices, firewalls, and port scanners are largely unknown. We have provided an initial set of data points which shows that these devices can exhibit a high degree of unreliability and unexpected behavior when a split handshake session is executed by a standard client and a specially-modified server.