OmniSecu.com Logo  
omnisecu.com free mcse ccna rhce linux java learning
omnisecu.com free mcse ccna rhce linux java learning
          Sharefacebook twitter google+ google bookmark yahoo bookmark delicious digg linkedin pinterest reddit stumbleupon evernote diigo blinklist blogmarks livejournal email feed

Tutorials

Types of attacks - SYN attack

External Resources

Before understanding what is SYN attack, we need to know about TCP/IP three-way handshake mechanism.  Transmission Control Protocol/Internet  Protocol (TCP/IP) session is initiated with a three-way handshake. The two communicating computers exchange a SYN, SYN/ACK and ACK to initiate a session. The initiating computer sends a SYN packet, to which the responding host will issue a SYN/ACK and wait for an ACK reply from the initiator. Click the following link to learn more about TCP/IP three-way handshake mechanism.

The SYN flood attack is the most common type of flooding attack. The attack occurs when the attacker sends large number of SYN packets to the victim, forcing them to wait for replies that never come. The third part of the TCP three-way handshake is not executed. Since the host is waiting for large number of replies, the real service requests are not processed, bringing down the service.  The source address of these SYN packets in a SYN flood attack is typically set to an unreachable host. As a result it is impossible to find the attacking computer.

SYN cookies provide protection against the SYN flood. A SYN cookie is implemented by using a specific initial TCP sequence number by TCP software and is used as a defense against SYN Flood attacks. By using stateful firewalls which reset the pending TCP connections after a specific timeout, we can reduce the effect of SYN attack.

              Jajish Thomason Google+
Related Topics

No Related Topics Available

comments powered by Disqus


eXTReMe Tracker DMCA.com