From charlesreid1


A SYN flood is a type of Layer 4 (Transport Layer) network attack (see Kali/Layer 4 Attacks for details). The basic idea is to keep a server busy with idle connections until it reaches its maximum number of connections, resulting in a denial of service.

About the SYN Flood Attack

Normally, when two computers make a connection, they perform a three-way handshake: the client sends a SYN packet, the server responds with a SYN-ACK packet, and the client responds with an ACK packet. The TCP connection between the two machines is then officially established. To abuse this handshake process, an attacker can send a SYN flood, a flood of SYN packets, and do nothing when the server responds with a SYN-ACK packet. The server politely waits for the other end to respond with an ACK packet, and because bandwidth is fixed, the hardware only has a fixed number of connections it can make. Eventually, the SYN packets fill all of the server's available connections with hanging connections. New visitors will experience a denial of service.

A SYN flood can bring down your server if it isn't configured properly: each SYN packet uses up another spot in the queue, which quickly eats up all available TCP connections and leads to a denial of service. By using a reverse proxy and putting different rules in place, these kinds of attacks can be thwarted.

This attack occurs on the transport layer - it jams up the normal workings of the transport layer and interferes with the normal delivery of packets.
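
A defender-side view of the hanging connections described above, as an added example that is not part of the original page: Linux lists half-open sockets in /proc/net/tcp with state 03 (SYN_RECV), and this script counts them per listening port. The sample table, its addresses and the threshold are constructed; IPv4 and a little-endian host are assumed.

```python
import socket
import struct
from collections import Counter

SYN_RECV = "03"  # kernel state code for a half-open socket (SYN seen, no ACK yet)

# Constructed sample in /proc/net/tcp layout (documentation addresses, not real data).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A00000A:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A00000A:0050 057100CB:D431 01 00000000:00000000 00:00000000 00000000    33        0 1002
   2: 0A00000A:0050 076433C6:C350 03 00000000:00000000 01:00000064 00000001     0        0 0
   3: 0A00000A:0050 086433C6:C351 03 00000000:00000000 01:00000064 00000001     0        0 0
   4: 0A00000A:0050 096433C6:C352 03 00000000:00000000 01:00000064 00000002     0        0 0
   5: 0A00000A:0050 0A6433C6:C353 03 00000000:00000000 01:00000064 00000002     0        0 0
   6: 0A00000A:0016 057100CB:E000 03 00000000:00000000 01:00000064 00000000     0        0 0
"""

def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into ('a.b.c.d', port); IPv4, little-endian host assumed."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def half_open(table_text):
    """Yield (local_port, remote_ip) for every socket waiting on the final ACK."""
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != SYN_RECV:
            continue
        _, lport = decode_addr(cols[1])
        rip, _ = decode_addr(cols[2])
        yield lport, rip

def report(table_text, threshold):
    """Return {port: (half_open_count, distinct_sources)} for ports >= threshold."""
    pairs = list(half_open(table_text))
    per_port = Counter(port for port, _ in pairs)
    return {port: (n, len({ip for p, ip in pairs if p == port}))
            for port, n in per_port.items() if n >= threshold}

if __name__ == "__main__":
    # On a Linux server, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for port, (n, srcs) in report(SAMPLE, threshold=3).items():
        print(f"port {port}: {n} half-open connections from {srcs} sources")
```

A count that stays high on one port, spread over many sources that never complete the handshake, is the pattern the text describes; pick the threshold from the server's normal baseline.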

Links

hping utility: http://www.binarytides.com/tcp-syn-flood-dos-attack-with-hping/

code a syn flood in C: http://www.binarytides.com/syn-flood-dos-attack/

code a syn flood in Python: http://www.binarytides.com/python-syn-flood-program-raw-sockets-linux/

code a syn flood in Perl: http://www.binarytides.com/perl-syn-flood-program-raw-sockets-linux/

