What is a SYN flood attack? How to mitigate and avoid it in future

SYN flood attack:

It is a type of DoS attack that exploits the TCP three-way handshake.

The attacker sends a huge number of connection requests (SYN) to the server.

The server accepts each request and holds the connection for a certain time.

This consumes all the concurrent connections.

The target server will not be available to legitimate users.

It is also called a half-open attack.

In this attack, too many requests are sent to the server.

All available server resources will be consumed. As a result, the server will be unavailable for legitimate traffic.

How does a SYN flood attack work?

In the TCP/IP three-way handshake:

The client sends a SYN packet to the server to initiate the connection.

The server responds with a SYN/ACK packet, acknowledging it.

The client then sends an ACK packet to the server.

After these three steps of sending and receiving packets are complete, the TCP connection is open and able to send and receive data.

How do attackers attack the server?

To launch a SYN flood attack:

The attacker sends too many SYN packets to the server, usually from spoofed IP addresses.

The server responds to each request and keeps a port open to receive the response.

While the server waits for the final ACK packet, the attacker sends more SYN requests.

All available ports will be utilized.

Finally, the server may crash and may not function properly for genuine users.

How to prevent a SYN flood attack?

To avoid huge losses, it is better to design a strategy and solution for dealing with SYN flood attacks.

Mitigation:

Use anti-DDoS technology such as Arbor.

Increased backlog queue:

The server must have additional memory resources to deal with new requests. This makes it possible to increase the backlog queue.

Firewall filtering:

Use a firewall to filter SYN packets.
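
To check a Linux server for the half-open connections described above, the following added example (not from the original article) counts sockets in the SYN-RECV state per local port in `ss -tan` output and flags ports whose half-open count approaches the backlog queue size. The sample output, the backlog value and the 0.75 ratio are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of `ss -tan` output (documentation-range addresses).
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
LISTEN    0      128    0.0.0.0:22          0.0.0.0:*
ESTAB     0      0      192.0.2.10:80       203.0.113.5:50000
ESTAB     0      0      192.0.2.10:22       203.0.113.9:50022
SYN-RECV  0      0      192.0.2.10:80       198.51.100.1:40001
SYN-RECV  0      0      192.0.2.10:80       198.51.100.2:40002
SYN-RECV  0      0      192.0.2.10:80       198.51.100.3:40003
SYN-RECV  0      0      192.0.2.10:80       198.51.100.4:40004
SYN-RECV  0      0      192.0.2.10:22       203.0.113.77:40100
"""


def half_open_by_port(ss_output):
    """Count SYN-RECV sockets and distinct peer IPs per local port."""
    stats = defaultdict(lambda: {"half_open": 0, "peers": set()})
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue  # header, LISTEN, ESTAB and other states are ignored
        # rpartition keeps IPv6 literals such as [2001:db8::1]:80 intact.
        local_port = int(fields[3].rpartition(":")[2])
        peer_ip = fields[4].rpartition(":")[0]
        stats[local_port]["half_open"] += 1
        stats[local_port]["peers"].add(peer_ip)
    return dict(stats)


def flag_syn_pressure(ss_output, backlog, ratio=0.75):
    """Return (port, half_open, distinct_peers) where half_open >= ratio * backlog."""
    alerts = []
    for port, s in sorted(half_open_by_port(ss_output).items()):
        if s["half_open"] >= ratio * backlog:
            alerts.append((port, s["half_open"], len(s["peers"])))
    return alerts


if __name__ == "__main__":
    # backlog=5 is a deliberately tiny, assumed queue size for the sample.
    for port, count, peers in flag_syn_pressure(SAMPLE_SS_OUTPUT, backlog=5):
        print(f"port {port}: {count} half-open connections from {peers} peers")
```

A high half-open count spread over many distinct peer addresses is consistent with the spoofed sources described above, while a single half-open socket, as on port 22 in the sample, is normal handshake traffic.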
