SYN flood attack


An assault on a network that prevents a TCP/IP server from servicing other users. It is accomplished by not sending the final acknowledgment (ACK) of the handshaking sequence in reply to the server's SYN-ACK (SYNchronize-ACKnowledge) response, which causes the server to keep signaling until it eventually times out. The source address from the client is, of course, counterfeit. SYN flood attacks can either overload the server or cause it to crash. See denial of service attack.
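The mechanism in the definition above, modelled as an added example that is not part of the original entry: a listener holds state for every SYN it has answered until the final ACK arrives or a timeout passes, so a full queue refuses a legitimate client. The `Listener` class, the backlog of 128 entries and the 60-second timeout are assumptions chosen for illustration, and the addresses are constructed documentation ranges.

```python
# Toy model of a TCP listener's half-open queue. All names and numbers are
# assumptions for illustration, not values taken from any real TCP stack.
from dataclasses import dataclass, field

@dataclass
class Listener:
    backlog: int = 128        # max half-open entries held at once (assumed)
    timeout: float = 60.0     # seconds before a half-open entry is dropped (assumed)
    half_open: dict = field(default_factory=dict)   # (ip, port) -> SYN arrival time
    established: set = field(default_factory=set)

    def expire(self, now):
        """Drop half-open entries whose final ACK never arrived in time."""
        self.half_open = {k: t for k, t in self.half_open.items()
                          if now - t < self.timeout}

    def on_syn(self, src, now):
        """Answer a SYN with SYN-ACK and hold state; False when the queue is full."""
        self.expire(now)
        if len(self.half_open) >= self.backlog:
            return False
        self.half_open[src] = now
        return True

    def on_ack(self, src, now):
        """The final ACK of the handshake moves the entry to established."""
        self.expire(now)
        if self.half_open.pop(src, None) is None:
            return False
        self.established.add(src)
        return True

def legit_connect(listener, src, now):
    """A well-behaved client: SYN, then the final ACK shortly afterwards."""
    return listener.on_syn(src, now) and listener.on_ack(src, now + 0.05)

def run_scenario():
    srv = Listener(backlog=128, timeout=60.0)
    before = legit_connect(srv, ("192.0.2.10", 40000), now=0.0)
    # Constructed input: 128 SYNs from counterfeit sources, none ever ACKed.
    for i in range(128):
        srv.on_syn(("198.51.100.%d" % (i % 250), 1024 + i), now=1.0)
    during = legit_connect(srv, ("192.0.2.11", 40001), now=2.0)
    stuck = len(srv.half_open)          # entries still waiting for an ACK
    # Once the timeout has passed, the stale entries expire and service resumes.
    after = legit_connect(srv, ("192.0.2.12", 40002), now=61.5)
    return before, during, stuck, after

if __name__ == "__main__":
    print(run_scenario())
```

The half-open count is the quantity to watch on a real host: a sustained pile-up of connections waiting for the final ACK is the signature of the condition the definition describes.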
References in periodicals archive
Common examples of these kinds of attacks are TCP/IP SYN flood attack, TCP/IP RST attack, Low and Slow attack, Sockstress attack, SSL-Based attacks.
DDoS creates huge volumes of data and meaningless strings in the SYN flood attack, which CDNetworks says is a serious threat as most companies do not have the network processing capacity to deal with the data.
In a SYN Flood attack, for example, the invader sends enough SYN requests to a company's system to consume server resources and stall legitimate traffic.
As a result, the node produces a larger number of half-open states, and SYN flood attack impacts can also be reduced.
A10 showcased the Thunder TPS product live at TechEd, continuously mitigating a 200 million packet per second SYN flood attack over 100 Gbps (at Layer 4) produced by Ixia load generation equipment, while simultaneously mitigating multiple sophisticated application attacks (at Layer 7) from well-known attack tools.
There are many types of attacks, such as the SYN flood attack, ACK flood attack, IP Fragmentation, Distributed Reflected Denial of Service, Teardrop attack and Smurf attack, associated with the denial of service, which are created using TCP vulnerabilities.
1) SYN Attack: A SYN flood attack occurs when a network becomes so overwhelmed by SYN packets initiating incompletable connection requests that it can no longer process legitimate connection requests, resulting in a denial of service (DoS).
A TCP SYN flood attack occurs when an attacker sends multiple TCP SYN requests to a VoIP gateway or call manager system, causing a resource exhaustion condition in the TCP/IP stack of that system.
For example, in a SYN flood attack, packets are sent to a target using spoofed (fake) IP source addresses.
Under a TCP SYN flood attack, Secure64 DNS responded to nearly 100 percent of legitimate queries until attack traffic reached approximately 300 Mbps (300,000 SYNs and ACKs per second), and then degraded slowly to 51 percent availability when line saturation occurred at 550 Mbps.
Bi-directional network latency of UDP packets is measured under three test conditions: with no load, with 500 Mbps of HTTP traffic (or half the rated load of the device if this is less than 1 Gbps), and while the device is under a heavy SYN flood attack (up to 10% of the rated throughput of the sensor).
Tests show that the IPS 5500 was able to block high volumes of SYN Flood attack packets without degrading the performance of the legitimate traffic.