SYN flood attack:
It is a type of DoS attack that exploits the TCP three-way handshake.
The attacker sends a huge number of connection requests (SYN) to the server.
The server accepts each request and holds the connection for a certain time.
This consumes all of the server's concurrent connections.
The target server will not be available to legitimate users.
It is also called a half-open attack.
In this attack, too many requests are sent to the server.
All available server resources will be consumed. As a result, the server will be unavailable for legitimate traffic.
How does a SYN flood attack work?
In the TCP/IP three-way handshake:
The client sends a SYN packet to the server to initiate the connection.
The server responds with a SYN/ACK packet, acknowledging the request.
The client then sends an ACK packet to the server.
After these three steps of sending and receiving packets are complete, the TCP connection is open and able to send and receive data.
How do attackers attack the server?
To launch a SYN flood attack, the attacker sends too many SYN packets to the server, usually from spoofed IP addresses.
The server responds to each request and keeps a port open to receive the response.
While the server waits for the final ACK packet, the attacker sends more SYN requests.
All available ports will be utilized.
Eventually the server may crash and may not function properly for genuine users.
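On a Linux server, the half-open connections described above appear as sockets in the SYN_RECV state. The following is an added example, not part of the original article, that counts them per local port from a table in /proc/net/tcp layout. The sample rows, the documentation-range addresses and the threshold are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

SYN_RECV = "03"  # kernel state code: SYN received, final ACK still missing

# Constructed sample in /proc/net/tcp layout (IPs are little-endian hex, ports are hex).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A0200C0:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A0200C0:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0A0200C0:0050 016433C6:C350 03 00000000:00000000 01:00000064 00000000     0        0 0
   3: 0A0200C0:0050 026433C6:C351 03 00000000:00000000 01:00000064 00000000     0        0 0
   4: 0A0200C0:0050 036433C6:C352 03 00000000:00000000 01:00000064 00000000     0        0 0
   5: 0A0200C0:0050 036433C6:C353 03 00000000:00000000 01:00000064 00000000     0        0 0
   6: 0A0200C0:0050 057100CB:D000 01 00000000:00000000 00:00000000 00000000    33        0 1003
   7: 0A0200C0:01BB 057100CB:D001 03 00000000:00000000 01:00000064 00000000     0        0 0
"""

def hex_to_ip(hex_addr):
    """Convert the little-endian hex IPv4 field to dotted-quad notation."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))

def half_open_by_port(table):
    """Return {local_port: {"half_open": count, "sources": set_of_remote_ips}}."""
    stats = defaultdict(lambda: {"half_open": 0, "sources": set()})
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != SYN_RECV:
            continue                             # only half-open sockets matter here
        port = int(fields[1].split(":")[1], 16)
        stats[port]["half_open"] += 1
        stats[port]["sources"].add(hex_to_ip(fields[2].split(":")[0]))
    return dict(stats)

def flooded_ports(table, threshold):
    """Ports whose half-open count reaches the (site-specific) threshold."""
    return sorted(p for p, s in half_open_by_port(table).items()
                  if s["half_open"] >= threshold)

if __name__ == "__main__":
    for port, s in sorted(half_open_by_port(SAMPLE).items()):
        print(f"port {port}: {s['half_open']} half-open from {len(s['sources'])} sources")
    print("over threshold:", flooded_ports(SAMPLE, threshold=3))
```

To check a live host, pass the contents of /proc/net/tcp instead of SAMPLE and set the threshold from the server's normal baseline.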
How to prevent a SYN flood attack?
To avoid huge losses, it is better to design a strategy and solution to deal with SYN (synchronize) flood attacks.
Mitigation:
Use anti-DDoS technology such as Arbor.
Increased backlog queue:
There must be additional memory resources to deal with new requests. This can increase the backlog queue.
Firewall Filtering:
Use a firewall to filter SYN packets.