After the discussion "Connection remains flagged as ESTABLISHED even if host is unconnected" I am back again to ask for further information.
Summary: I have a remote host (Windows client) which connects to my Linux embedded system (the server which I use to transmit or to receive data).
In this situation, once the client is connected it starts to retrieve data from the server through the TCP protocol. If the client disconnects, the connection on the server does not disappear. It remains as ESTABLISHED.
I did not program the applications used to retrieve and send packets between the two hosts (however, I could modify the source code on the server side), but if I am not wrong it's not necessary.
After analyzing the network traffic with tcpdump, I see that this issue is due to a SYN/ACK sequence (at least that is what I understand) from this sample output:
13:02:38.085996 IP 192.168.11.98.2101 > 192.168.11.50.58987: Flags [P.], seq 151644:151648, ack 1, win 473, length 4
13:02:38.283570 IP 192.168.11.98.2101 > 192.168.11.50.58987: Flags [P.], seq 151648:151916, ack 1, win 473, length 268
13:02:39.289412 IP 192.168.11.98.2101 > 192.168.11.50.58987: Flags [P.], seq 151916:151920, ack 1, win 473, length 4
13:02:39.489854 IP 192.168.11.98.2101 > 192.168.11.50.58987: Flags [P.], seq 151920:152226, ack 1, win 473, length 306
13:02:40.093989 IP 192.168.11.98.2101 > 192.168.11.50.58987: Flags [P.], seq 152226:152230, ack 1, win 473, length 4
But the client is not retrieving any data, nor is the server sending it; it's just a SYN/ACK sequence. It continues forever and the only way to stop this is changing the server configuration (receiver mode) or unplugging the Ethernet adapter. This is not an acceptable solution.
If I am not wrong, it could be considered a SYN flood attack.
The question is: how can I avoid such a situation by closing the connection from the server side?
Is it possible to do so from some configuration file or from the firewall without limiting the incoming connections (as suggested here)?
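One way to read a capture like the sample output above, as an added example that is not part of the original post: the script expands tcpdump's flag letters, totals payload bytes per direction, and lists flows where the peer never answers. The function names `summarize` and `one_way_flows` are hypothetical, and the embedded lines are the ones quoted in the post.

```python
import re
from collections import defaultdict

# Sample lines copied from the tcpdump output quoted in the post.
SAMPLE = """\
13:02:38.085996 IP 192.168.11.98.2101 > 192.168.11.50.58987: Flags [P.], seq 151644:151648, ack 1, win 473, length 4
13:02:38.283570 IP 192.168.11.98.2101 > 192.168.11.50.58987: Flags [P.], seq 151648:151916, ack 1, win 473, length 268
13:02:39.289412 IP 192.168.11.98.2101 > 192.168.11.50.58987: Flags [P.], seq 151916:151920, ack 1, win 473, length 4
13:02:39.489854 IP 192.168.11.98.2101 > 192.168.11.50.58987: Flags [P.], seq 151920:152226, ack 1, win 473, length 306
13:02:40.093989 IP 192.168.11.98.2101 > 192.168.11.50.58987: Flags [P.], seq 152226:152230, ack 1, win 473, length 4
"""

LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]"
    r"(?:, seq (?P<seq>\d+)(?::\d+)?)?(?:, ack (?P<ack>\d+))?.*?length (?P<len>\d+)"
)

# tcpdump prints one letter per TCP flag; "." stands for ACK.
FLAG_NAMES = {"S": "SYN", "F": "FIN", "P": "PSH", "R": "RST", ".": "ACK", "U": "URG"}


def _new_flow():
    return {"packets": 0, "payload_bytes": 0, "flags": set(),
            "acks": set(), "retransmits": 0, "seq_starts": set()}


def summarize(text):
    """Return per-direction statistics keyed by (src, dst)."""
    flows = defaultdict(_new_flow)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a TCP line in the expected format
        flow = flows[(m["src"], m["dst"])]
        flow["packets"] += 1
        flow["payload_bytes"] += int(m["len"])
        flow["flags"].update(FLAG_NAMES.get(c, c) for c in m["flags"])
        if m["ack"]:
            flow["acks"].add(int(m["ack"]))
        if m["seq"] and int(m["len"]) > 0:
            # Simple heuristic: a repeated starting sequence number is a resend.
            if m["seq"] in flow["seq_starts"]:
                flow["retransmits"] += 1
            flow["seq_starts"].add(m["seq"])
    return dict(flows)


def one_way_flows(flows):
    """Directions for which the capture holds no packet from the peer."""
    return [key for key in flows if (key[1], key[0]) not in flows]
```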