DoS/SYN Flood
From charlesreid1
A SYN flood is a type of Layer 4 (Transport Layer) network attack (see Kali/Layer 4 Attacks for details). The basic idea is to keep a server busy with idle connections until it reaches its maximum number of connections, resulting in a denial of service.
About SYN Flood Attack
Normally, when two computers are making a connection, they perform a three-way handshake: the client sends a SYN packet, the server responds with a SYN-ACK packet, and the client responds back with an ACK packet. The TCP connection between the two machines is then officially established. To abuse this handshake process, an attacker can send a SYN flood, a flood of SYN packets, and do nothing when the server responds with a SYN-ACK packet. The server politely waits for the other end to respond with an ACK packet, and because its resources are finite, it can only hold a fixed number of connections. Eventually, the SYN packets fill the server's available connections with hanging (half-open) connections. New visitors will experience a denial of service.
A SYN flood can bring down your server if it isn't configured properly: each SYN packet uses up another spot in the queue, which quickly eats up all available TCP connections and leads to a denial of service. Using a reverse proxy and putting different rules in place can thwart these kinds of attacks.
This attack occurs on the transport layer - it jams up the normal workings of the transport layer and interferes with the normal delivery of packets.
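On the server, the hanging connections described above show up as sockets stuck in the SYN_RECV state. The following is an added example, not part of the original page: it counts half-open sockets per local port from text in the layout of Linux's /proc/net/tcp. The sample rows, addresses, function names and threshold are constructed for illustration, and a little-endian host is assumed.

```python
import socket
import struct
from collections import Counter

TCP_SYN_RECV = 0x03  # "st" value for a half-open connection in /proc/net/tcp

# Constructed sample (trailing columns trimmed); addresses are documentation ranges.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 0100000A:0050 00000000:0000 0A 00000000:00000000
   1: 0100000A:0016 097100CB:D431 01 00000000:00000000
   2: 0100000A:0050 016433C6:C350 03 00000000:00000000
   3: 0100000A:0050 026433C6:C351 03 00000000:00000000
   4: 0100000A:0050 036433C6:C352 03 00000000:00000000
   5: 0100000A:0050 046433C6:C353 03 00000000:00000000
   6: 0100000A:0050 097100CB:D432 01 00000000:00000000
"""

def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port); assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def half_open_by_port(proc_text):
    """Count SYN_RECV sockets and distinct remote IPs for each local port."""
    counts, sources = Counter(), {}
    for line in proc_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_SYN_RECV:
            continue
        _, local_port = decode_addr(cols[1])
        remote_ip, _ = decode_addr(cols[2])
        counts[local_port] += 1
        sources.setdefault(local_port, set()).add(remote_ip)
    return counts, sources

def flag_ports(proc_text, threshold):
    """Return {port: (half_open, distinct_sources)} for ports at or over threshold."""
    counts, sources = half_open_by_port(proc_text)
    return {p: (n, len(sources[p])) for p, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for port, (n, srcs) in flag_ports(SAMPLE, threshold=3).items():
        print(f"port {port}: {n} half-open connections from {srcs} sources")
```

A sensible threshold depends on the host; a sustained count near the kernel's SYN backlog limit (net.ipv4.tcp_max_syn_backlog) on one port is the signal to look for.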
Links
hping utility: http://www.binarytides.com/tcp-syn-flood-dos-attack-with-hping/
code a syn flood in C: http://www.binarytides.com/syn-flood-dos-attack/
code a syn flood in Python: http://www.binarytides.com/python-syn-flood-program-raw-sockets-linux/
code a syn flood in Perl: http://www.binarytides.com/perl-syn-flood-program-raw-sockets-linux/