TCP SYN Flood

yukı edited this page Aug 24, 2023 · 6 revisions

Introduction:

The TCP SYN flood attack is a type of Denial of Service (DoS) attack that targets the TCP handshake process, overwhelming a victim server or network with a flood of SYN packets. SYN flood attacks exploit a weakness inherent in the TCP three-way handshake: the server allocates state for a connection as soon as the first SYN arrives, before the client has proven it will complete the handshake. An attacker uses this to consume server resources and render the system unresponsive to legitimate traffic.

Understanding TCP SYN Flood Attacks:

TCP (Transmission Control Protocol) is a widely used protocol for reliable communication over the Internet. During the TCP handshake process, a client initiates a connection by sending a SYN packet to the server. The server responds with a SYN-ACK packet, and the client completes the handshake by sending an ACK packet. This three-way handshake establishes a connection between the client and server.

In a TCP SYN flood attack, an attacker sends a large number of SYN packets to the victim server, but does not respond to the server's SYN-ACK packets. The server waits for an ACK that never arrives, leaving the connection in a half-open state. As a result, the server's resources, such as memory and processing power, become exhausted as it keeps waiting for the final ACK, preventing it from handling legitimate requests.

Implications of TCP SYN Flood Attacks:

TCP SYN flood attacks can have severe consequences for targeted systems and networks, including:

  • Denial of Service (DoS): SYN flood attacks overload server resources, leading to a denial of service for legitimate users. This can disrupt essential services, such as websites, email servers, or online applications, causing financial losses and damage to a company's reputation.

  • Resource Exhaustion: As a victim server keeps waiting for ACK packets that never arrive, its resources, including memory, CPU, and network bandwidth, are consumed. This can result in system crashes, slowdowns, or complete unresponsiveness.

  • Collateral Damage: In some cases, SYN flood attacks can also impact network infrastructure, routers, and firewalls, leading to widespread network outages or affecting other interconnected systems.

How the script mitigates this:

  • Rate-Limit.
  • Automatic TCP SYN Cookies.
  • Anti-Spoofing.
  • Other methods.
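The half-open state described above is visible on a Linux host as SYN-RECV sockets. The following is an added example, not the script's own code: it parses `ss -tan` style output, counts half-open sockets per peer address to spot sources that would be candidates for rate limiting, reports backlog pressure, and checks whether the kernel's SYN cookie sysctl is enabled. The sample output, addresses and thresholds are constructed for illustration.

```python
"""Half-open (SYN-RECV) connection monitor: a defender-side check for the
symptoms of a SYN flood. Example added for this page; sample data is constructed."""
from collections import Counter

# Constructed sample of `ss -tan` output (hypothetical addresses and ports).
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB     0      0      10.0.0.5:443         198.51.100.7:51022
SYN-RECV  0      0      10.0.0.5:443         203.0.113.9:40001
SYN-RECV  0      0      10.0.0.5:443         203.0.113.9:40002
SYN-RECV  0      0      10.0.0.5:443         203.0.113.9:40003
SYN-RECV  0      0      10.0.0.5:443         203.0.113.9:40004
SYN-RECV  0      0      10.0.0.5:443         192.0.2.77:5555
LISTEN    0      128    0.0.0.0:443          0.0.0.0:*
"""


def parse_half_open(ss_output):
    """Return a Counter of SYN-RECV sockets keyed by peer IP (port stripped)."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue
        ip, _, _port = fields[4].rpartition(":")  # rpartition keeps IPv6 intact
        counts[ip.strip("[]")] += 1
    return counts


def analyze(ss_output, per_source_limit=3, backlog_limit=128):
    """Flag peers holding more half-open sockets than per_source_limit and
    report how full the listen backlog is (assumed size: backlog_limit)."""
    counts = parse_half_open(ss_output)
    total = sum(counts.values())
    offenders = sorted(ip for ip, n in counts.items() if n > per_source_limit)
    return {"half_open_total": total,
            "backlog_pressure": total / backlog_limit,
            "offenders": offenders}


def syncookies_enabled(path="/proc/sys/net/ipv4/tcp_syncookies"):
    """True/False from the kernel sysctl, or None when it cannot be read
    (non-Linux host or insufficient permissions)."""
    try:
        with open(path) as f:
            return f.read().strip() == "1"
    except OSError:
        return None


if __name__ == "__main__":
    print(analyze(SAMPLE_SS_OUTPUT), "syncookies:", syncookies_enabled())
```

On a live host, feed `subprocess.check_output(["ss", "-tan"], text=True)` to `analyze` instead of the constructed sample.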