# Half-Open TCP Connection Problem

<figure><img src="https://1919807373-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FKwrEaJP2cLc3Ipsnkpus%2Fuploads%2FcPrO9MfA1t3WPvu8C5Dp%2Fa.png?alt=media&#x26;token=4b55b1c2-a979-4b6d-889a-d57348f1ca21" alt=""><figcaption></figcaption></figure>

DoS attacks commonly use half-open TCP connections: sessions whose three-way handshake was started but never completed.

* A firewall keeps the state of each TCP session in memory.
* Many half-open TCP connections can overrun the firewall by filling that memory.
  * Define timeout values for half-open TCP sessions:
    * Normal operation: small/medium values.
    * Under attack (detected from traffic thresholds): very small values.
  * It may be necessary to use external means to “clean” the firewall:
    * Resetting (half-open) connections from the internal servers.
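
The effect of the two timeout regimes can be seen in a small simulation of a firewall state table. This is an added example, not taken from any firewall product; the table size, timeouts, threshold, traffic rate and addresses are all constructed values chosen for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class HalfOpenTable:
    """Toy firewall state table holding only half-open sessions (SYN seen, no ACK yet)."""
    capacity: int = 1000           # state-table size (assumed)
    normal_timeout: int = 30_000   # ms, "small/medium" value (assumed)
    attack_timeout: int = 2_000    # ms, "very small" value (assumed)
    attack_threshold: int = 200    # half-open count that signals an attack (assumed)
    entries: dict = field(default_factory=dict)   # flow 4-tuple -> time SYN was seen (ms)

    def timeout(self):
        # Traffic threshold decides which timeout applies right now.
        under_attack = len(self.entries) >= self.attack_threshold
        return self.attack_timeout if under_attack else self.normal_timeout

    def expire(self, now):
        limit = self.timeout()
        for flow in [f for f, seen in self.entries.items() if now - seen >= limit]:
            del self.entries[flow]

    def on_syn(self, flow, now):
        self.expire(now)
        if len(self.entries) >= self.capacity:
            return False           # table full: new sessions are refused
        self.entries.setdefault(flow, now)
        return True

    def on_ack(self, flow):
        # Handshake completed, so the session is no longer half-open.
        self.entries.pop(flow, None)

def simulate(adaptive, seconds=20, syn_per_sec=200):
    """Return (legitimate handshakes accepted, peak half-open entries)."""
    table = HalfOpenTable()
    if not adaptive:
        table.attack_timeout = table.normal_timeout   # baseline: one fixed timeout
    accepted = peak = 0
    for tick in range(seconds * syn_per_sec):
        now = tick * 1000 // syn_per_sec
        # Constructed flood: every SYN is a new flow that never completes.
        table.on_syn(("198.51.100.7", 1024 + tick, "10.0.0.5", 443), now)
        if tick % syn_per_sec == 0:                   # one legitimate client per second
            flow = ("192.0.2.10", 40000 + tick, "10.0.0.5", 443)
            if table.on_syn(flow, now):
                table.on_ack(flow)
                accepted += 1
        peak = max(peak, len(table.entries))
    return accepted, peak
```

With the fixed timeout the table fills after five seconds and every later legitimate client is refused; with the threshold-driven timeout the half-open count levels off well below capacity and all legitimate handshakes complete.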
