SYN flood attack



An assault on a network that prevents a TCP/IP server from servicing other users. The attacker opens connections but never sends the final acknowledgment to the server's SYN-ACK response (SYNchronize-ACKnowledge) in the handshaking sequence, which causes the server to keep signaling until it eventually times out. The source address from the client is, of course, counterfeit. SYN flood attacks can either overload the server or cause it to crash. See denial-of-service attack.
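The half-open handshakes described above can be counted from the server's side, as in this added example, which is not part of the original entry. The `Event` record, the `half_open_profile` function, the 30-second timeout, the backlog of 5 and the sample addresses are all assumptions made for illustration.

```python
from collections import namedtuple

# One client->server TCP segment; flags is "SYN" (open request) or "ACK" (final handshake step).
Event = namedtuple("Event", "ts src sport flags")

def half_open_profile(events, timeout=30.0, backlog=5):
    """Replay segments and count handshakes whose final ACK never arrives."""
    pending = {}                      # (src, sport) -> arrival time of the SYN
    completed = timed_out = peak = 0
    for ev in sorted(events, key=lambda e: e.ts):
        # The server gives up on entries that stay unacknowledged past the timeout.
        for key in [k for k, t0 in pending.items() if ev.ts - t0 >= timeout]:
            del pending[key]
            timed_out += 1
        key = (ev.src, ev.sport)
        if ev.flags == "SYN":
            pending.setdefault(key, ev.ts)
        elif ev.flags == "ACK" and key in pending:
            del pending[key]
            completed += 1
        peak = max(peak, len(pending))
    return {
        "completed": completed,
        "timed_out": timed_out,
        "still_pending": len(pending),
        "peak_half_open": peak,
        "alert": peak >= backlog,     # half-open entries reached the assumed queue size
    }

# Constructed sample traffic (RFC 5737 documentation addresses), not captured data.
NORMAL = [
    Event(0.00, "192.0.2.10", 40001, "SYN"), Event(0.05, "192.0.2.10", 40001, "ACK"),
    Event(1.00, "192.0.2.11", 40002, "SYN"), Event(1.04, "192.0.2.11", 40002, "ACK"),
    Event(40.00, "192.0.2.12", 40003, "SYN"), Event(40.05, "192.0.2.12", 40003, "ACK"),
]
# Eight SYNs from distinct counterfeit sources; none is followed by the final ACK.
UNANSWERED = [Event(2.0 + i * 0.01, f"198.51.100.{i + 1}", 50000 + i, "SYN") for i in range(8)]

if __name__ == "__main__":
    print("normal only:", half_open_profile(NORMAL))
    print("with unanswered SYNs:", half_open_profile(NORMAL + UNANSWERED))
```

In the normal trace every SYN is matched by an ACK and at most one entry is pending at a time; with the unanswered SYNs mixed in, eight entries sit in the table until the timeout clears them.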
References in periodicals archive
As reported by Akamai [59], in October 2015 the XOR.DDoS botnet alone was able to hit one of their customers with a DNS Flood of 30 million queries per second, combined with a SYN Flood attack of 140 Gbps.
SYN flood attack is a type of DDoS attack that sends a large number of spoofed SYN attack packets to the server, wherein the three-way handshake of the TCP connection remains incomplete.
The incidents involving smurf attacks are proven in this situation and SYN flood attacks because these connections are requests to produce a massive spur of return packets to the source IP, and also it often causes a similar track to the source and the destination IP.
For example, if SYN flood attacks are detected by the defense application, the controller modifies switch rules to redirect suspected flow onto control plane to filter out malicious packets from normal ones.
There are many types of attacks, such as the SYN flood attack, ACK flood attack, IP Fragmentation, Distributed Reflected Denial of Service, Teardrop attack and Smurf attack, associated with the denial of service, which are created using TCP vulnerabilities.
Bi-directional network latency of UDP packets is measured under three test conditions: with no load, with 500 Mbps of HTTP traffic (or half the rated load of the device if this is less than 1 Gbps), and while the device is under a heavy SYN flood attack (up to 10% of the rated throughput of the sensor).
The authors in [3] evaluated two anomaly detection algorithms (an adaptive threshold algorithm and a CUSUM change point detection algorithm), for detecting TCP SYN flood attacks. The main goal of the research focuses on how the parameters of the algorithms and the characteristics of the attacks affect the performance of detection systems like the above.
SYN cookies are a technique used to block SYN flood attacks, by avoiding dropping connections when the SYN queue fills up.
Since then, Linux patch.2.0.30 had introduced the concept of SYN cookie protection for SYN flood attacks.
The NTP flood method went from accounting for less than 1 percent of all attacks in the prior quarter to reaching nearly the same popularity as SYN flood attacks, a perennial favourite among DDoS attackers.
-- SYN Cookies - employed to eliminate SYN queue exhaustion which might lead to connection dropping and uncompleted transactions, to successfully mitigate SYN flood attacks;
The system uses anomaly detection algorithms to forecast and detect anomalies in real time, including latency-based anomalies, service-level and performance-level violations, datagram storms, resource oversubscription, SYN flood attacks and application overload.