A SYN flood (half-open attack) is a type of denial of service (DDoS) attack that seeks to make a server unavailable to legitimate traffic by consuming all of its available resources. By repeatedly sending initial connection request (SYN) packets, the attacker can overwhelm all available ports on the targeted server, causing it to respond slowly to legitimate traffic or not to respond at all.

Like the ping of death, a SYN flood is a protocol attack. Such attacks exploit a weakness in network communications to bring the target system to its knees. The attacker manipulates the three-way transmission control protocol (TCP) handshake: instead of negotiating a connection between client and server as intended, many half-open connections are left on the server. These tie up server resources that are then unavailable for real use.

SYN flood attacks work because they abuse the handshake that opens a TCP connection. Under normal conditions, establishing a TCP connection takes three steps.

▸First, the client sends a SYN packet to the server to initiate the connection.

▸The server responds to the initial packet with a SYN/ACK packet to acknowledge the communication.

▸The client returns an ACK packet to acknowledge receipt of the server's packet. Once this round-trip packet sequence completes, the TCP connection is open and data can be sent and received.

The general working principle of SYN flood attacks has been known since approximately 1994. Consequently, a number of very effective defensive measures exist today. However, some of them have negative side effects or only work under certain conditions. In general, it is not easy to distinguish malicious SYN packets from legitimate ones. Most of the popular defensive measures are applied at the server level, although cloud-based solutions exist as well.
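Because individual SYN packets cannot be told apart, a server-side defender usually watches the symptom instead: half-open sockets piling up on a listening port while established connections stay flat. The following Python is an added example, not code from the original article; it parses socket-state lines in the column layout of Linux `ss -tan` (State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port) and flags ports where half-open (`SYN-RECV`) sockets both exceed a minimum count and outnumber established (`ESTAB`) ones. The sample listing, addresses and thresholds are constructed for the example.

```python
"""Added example (not from the original post): a SYN-flood indicator computed
from socket-state listings in the format of `ss -tan` on Linux.

The sample below is constructed for the example, not captured from a real host.
"""
from collections import defaultdict

# Constructed sample in `ss -tan` column order:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN    0      128    0.0.0.0:443          0.0.0.0:*
LISTEN    0      128    0.0.0.0:22           0.0.0.0:*
ESTAB     0      0      198.51.100.7:22      203.0.113.40:53311
ESTAB     0      0      198.51.100.7:443     203.0.113.5:51012
ESTAB     0      0      198.51.100.7:443     203.0.113.9:40211
SYN-RECV  0      0      198.51.100.7:443     192.0.2.10:1025
SYN-RECV  0      0      198.51.100.7:443     192.0.2.11:1025
SYN-RECV  0      0      198.51.100.7:443     192.0.2.12:1025
SYN-RECV  0      0      198.51.100.7:443     192.0.2.13:1025
SYN-RECV  0      0      198.51.100.7:443     192.0.2.14:1025
SYN-RECV  0      0      198.51.100.7:443     192.0.2.15:1025
SYN-RECV  0      0      198.51.100.7:443     192.0.2.16:1025
SYN-RECV  0      0      198.51.100.7:443     192.0.2.17:1025
"""


def parse_ss(text):
    """Return (state, local, peer) tuples; the header line is skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue
        rows.append((fields[0], fields[3], fields[4]))
    return rows


def split_host_port(addr):
    """'198.51.100.7:443' -> ('198.51.100.7', '443'); rpartition copes with IPv6 colons."""
    host, _, port = addr.rpartition(":")
    return host, port


def half_open_summary(rows):
    """Per local port: SYN-RECV count, ESTAB count, distinct peers in SYN-RECV."""
    summary = defaultdict(lambda: {"syn_recv": 0, "estab": 0, "syn_recv_peers": set()})
    for state, local, peer in rows:
        _, port = split_host_port(local)
        if state == "SYN-RECV":
            summary[port]["syn_recv"] += 1
            summary[port]["syn_recv_peers"].add(split_host_port(peer)[0])
        elif state == "ESTAB":
            summary[port]["estab"] += 1
    return summary


def suspicious_ports(rows, min_half_open=5, ratio=2.0):
    """Ports whose half-open sockets reach min_half_open AND exceed ratio * established.

    Both conditions are needed: a busy but healthy port has many ESTAB sockets
    and only a handful in SYN-RECV, while a flooded port shows the reverse.
    """
    flagged = {}
    for port, s in half_open_summary(rows).items():
        if s["syn_recv"] >= min_half_open and s["syn_recv"] > ratio * s["estab"]:
            flagged[port] = {
                "syn_recv": s["syn_recv"],
                "estab": s["estab"],
                "distinct_peers": len(s["syn_recv_peers"]),
            }
    return flagged


if __name__ == "__main__":
    for port, info in suspicious_ports(parse_ss(SAMPLE_SS_OUTPUT)).items():
        print(f"port {port}: {info['syn_recv']} half-open vs {info['estab']} established "
              f"from {info['distinct_peers']} distinct peers")
```

The `distinct_peers` field is reported alongside the counts because a flood that spoofs its source addresses shows many peers that never complete a handshake, whereas a single misbehaving client shows one. Treat a hit as a prompt to investigate rather than proof: a burst of legitimate clients on a slow link produces the same picture briefly. Note also that once a kernel answers with SYN cookies instead of queueing, it no longer keeps a `SYN-RECV` entry for those requests, so on such hosts this count stops growing even while the flood continues.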

▸One of the simplest ways to harden a system against SYN flood attacks is to raise the maximum number of half-open connections the operating system allows.

▸Recycle the oldest half-open connection in the SYN queue when the queue is full. This frees space for a new half-open connection.
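To make the three handshake steps and the two mitigations above concrete, here is an added example (not code from the original article) that models a listening socket with a bounded SYN queue in plain Python. The `Listener` class, its parameters `max_half_open` and `recycle_oldest`, and the `simulate` helper are all names chosen for this example. A SYN that is never followed by its ACK leaves a half-open entry behind; the simulation shows that once the queue is full a legitimate client is refused, and that either a larger queue or recycling of the oldest entry lets it through. Addresses are constructed.

```python
"""Added example: a toy model of the TCP three-way handshake and the SYN queue.

Not code from the original post; all names here are the example's own.
Nothing touches the network: packets are plain tuples handed to a method.
"""
from collections import OrderedDict
import zlib

SYN, SYN_ACK, ACK = "SYN", "SYN/ACK", "ACK"


class Listener:
    """One listening socket with a bounded queue of half-open connections.

    max_half_open:  size of the SYN queue (mitigation 1 on the page: raise it).
    recycle_oldest: when the queue is full, evict the oldest half-open entry
                    instead of refusing the new SYN (mitigation 2 on the page).
    """

    def __init__(self, max_half_open=4, recycle_oldest=False):
        self.max_half_open = max_half_open
        self.recycle_oldest = recycle_oldest
        self.half_open = OrderedDict()   # client -> server's initial sequence number
        self.established = set()
        self.dropped = 0                 # SYNs refused for lack of queue space
        self.recycled = 0                # old half-open entries evicted

    def receive(self, client, kind, seq=0):
        """Process one packet; return the server's reply (kind, seq) or None."""
        if kind == SYN:
            if client in self.half_open:                  # retransmitted SYN
                return (SYN_ACK, self.half_open[client])
            if len(self.half_open) >= self.max_half_open:
                if not self.recycle_oldest:
                    self.dropped += 1                      # step 1 fails: queue full
                    return None
                self.half_open.popitem(last=False)         # evict the oldest entry
                self.recycled += 1
            # Deterministic stand-in for a random initial sequence number.
            server_seq = zlib.crc32(client.encode()) & 0xFFFFFFFF
            self.half_open[client] = server_seq            # step 2: SYN/ACK sent
            return (SYN_ACK, server_seq)
        if kind == ACK:
            expected = self.half_open.get(client)
            if expected is None or seq != expected + 1:
                return None                                # no matching half-open entry
            del self.half_open[client]                     # step 3: handshake complete
            self.established.add(client)
        return None


def honest_client(listener, client):
    """Complete the handshake: SYN, read the SYN/ACK, answer with the ACK."""
    reply = listener.receive(client, SYN)
    if reply is None:
        return False                      # refused at step 1
    _, server_seq = reply
    listener.receive(client, ACK, seq=server_seq + 1)
    return client in listener.established


def simulate(max_half_open, recycle_oldest, n_half_open=10):
    """Leave n_half_open handshakes unfinished, then try one honest client."""
    listener = Listener(max_half_open, recycle_oldest)
    for i in range(n_half_open):
        listener.receive(f"192.0.2.{i}", SYN)   # constructed addresses; ACK never arrives
    ok = honest_client(listener, "203.0.113.10")
    return {
        "honest_connected": ok,
        "half_open": len(listener.half_open),
        "dropped": listener.dropped,
        "recycled": listener.recycled,
    }


if __name__ == "__main__":
    print("small queue, no recycling :", simulate(4, False))
    print("small queue, recycle old  :", simulate(4, True))
    print("larger queue              :", simulate(16, False))
```

With a queue of 4 and no recycling, the ten unfinished handshakes fill the queue and the honest client's SYN is counted among the drops. Recycling keeps admitting new SYNs at the cost of evicting old entries, which is why the page notes that some measures have side effects: a slow but legitimate client whose ACK is still in flight can be evicted the same way. Raising the queue size simply moves the point at which the problem starts.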
