SYN flood

From Wikipedia, the free encyclopedia

A normal connection between a user (Alice) and a server. The three-way handshake is correctly performed.
SYN Flood. The attacker (Bob) sends several packets but does not send the "ACK" back to the server. The connections are hence half-opened and eat the server resources. Alice, a legitimate user, tries to connect but the server refuses to open a connection resulting in a denial of service.

A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system.

When a client attempts to start a TCP connection to a server, the client and server exchange a series of messages which normally runs like this:

  1. The client requests a connection by sending a SYN (synchronize) message to the server.
  2. The server acknowledges this request by sending SYN-ACK back to the client.
  3. The client responds with an ACK, and the connection is established.

This is called the TCP three-way handshake, and is the foundation for every connection established using the TCP protocol.

This is a well-known type of attack and is generally not effective against modern networks. It works if a server allocates resources after receiving a SYN, but before it has received the ACK.

There are two methods, but both involve the server not receiving the ACK. A malicious client can skip sending this last ACK message. Alternatively, the attacker can spoof the source IP address in the SYN, so that the server sends the SYN-ACK to the falsified IP address and never receives the ACK. In both cases the server will wait for the acknowledgement for some time, as simple network congestion could also be the cause of the missing ACK.

If these half-open connections bind resources on the server, it may be possible to take up all these resources by flooding the server with SYN messages. Once all resources set aside for half-open connections are reserved, no new connections (legitimate or not) can be made, resulting in denial of service. Some systems may malfunction badly or even crash if other operating system functions are starved of resources this way.

Reflector routers can also be used as attackers, instead of client machines.

Countermeasures include SYN cookies or limiting the number of new connections from a source per timeframe.
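The SYN cookie countermeasure named above, as an added sketch that is not part of the original article or of any operating system's code: the server derives its SYN-ACK sequence number from a keyed hash of the connection parameters, so it stores nothing until a valid ACK returns. The function names, key, slot length and sample addresses are assumptions, and real implementations also pack a small MSS value into the cookie, which is omitted here.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-key"  # assumption: random per-server secret
SLOT = 64                         # assumption: cookie lifetime granularity, seconds

def _mac(src, sport, dst, dport, client_isn, slot):
    """32-bit keyed hash over the 4-tuple, the client ISN and the time slot."""
    msg = socket.inet_aton(src) + socket.inet_aton(dst)
    msg += struct.pack("!HHIQ", sport, dport, client_isn, slot)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")

def syn_ack_isn(src, sport, dst, dport, client_isn, now):
    """Server sequence number for the SYN-ACK. Nothing is stored per SYN."""
    return _mac(src, sport, dst, dport, client_isn, int(now) // SLOT)

def ack_is_valid(src, sport, dst, dport, seq, ack, now):
    """Check the final ACK: seq = client ISN + 1, ack = cookie + 1."""
    client_isn = (seq - 1) & 0xFFFFFFFF
    cookie = (ack - 1) & 0xFFFFFFFF
    slot = int(now) // SLOT
    # Accept the current and the previous slot so a handshake that
    # straddles a slot boundary still completes.
    return any(cookie == _mac(src, sport, dst, dport, client_isn, s)
               for s in (slot, slot - 1) if s >= 0)

def demo():
    """Constructed scenario: 10,000 unanswered SYNs, then one real client."""
    server = ("192.0.2.10", 80)
    alice, isn = ("203.0.113.5", 40000), 0x1234ABCD
    established = set()  # state exists only after a valid ACK
    for i in range(10_000):  # SYN-ACKs go out, no ACK ever comes back
        syn_ack_isn("198.51.100.7", 1024 + i, *server, i, now=10)
    cookie = syn_ack_isn(*alice, *server, isn, now=10)
    # Alice answers three seconds later with ack = cookie + 1.
    if ack_is_valid(*alice, *server, isn + 1, (cookie + 1) & 0xFFFFFFFF, now=13):
        established.add(alice + server)
    # An ACK whose acknowledgement number is off by one is rejected.
    forged = ack_is_valid(*alice, *server, isn + 1, (cookie + 2) & 0xFFFFFFFF, now=13)
    return len(established), forged
```

After the flood the server holds exactly one connection entry, the one created by the validated ACK.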
