TCP SYN flooding
--> In a TCP SYN flood attack, an attacker sends so many SYN packets to the server that it becomes incapable of responding to legitimate clients' requests.
--> TCP connections that have been started but not finished are called half-open connections.
--> Each host uses a small amount of memory to store the state of half-open connections.
--> If the half-open connections from the attacker fill up this storage, the host cannot accept further TCP connection requests, which denies service to legitimate TCP connections.
--> TCP SYN flooding therefore results in a denial of service (DoS).
--> An attacker can carry out TCP SYN flooding in three ways:
i) Direct Attack
--> In this attack, an attacker sends SYN packets without changing the source IP address.
--> This type of attack is easy to perform because the attacker does not change the IP address before sending the SYN packets.
--> We can prevent this type of attack by simply blocking the attacker's IP address using firewall rules.
ii) Spoofing Attack
--> In this attack, an attacker sends SYN packets with a changed (spoofed) source IP address.
--> This type of attack is more difficult to perform than a direct attack because the attacker needs to change the IP address before sending the SYN packets.
--> This type of attack can be prevented by implementing uRPF (Unicast Reverse Path Forwarding).
iii) Distributed Attack
--> In this attack, more than one attacker sends SYN packets, with or without changing the source IP address.
--> This type of attack is more difficult to perform than a direct attack or a spoofing attack because it uses more than one machine.
--> This type of attack is more difficult to stop than a direct attack or a spoofing attack.
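An added example, not part of the original post: a Python script that counts half-open (SYN-RECV) connections per source from text in the column layout of Linux `ss -tan`, and separates a direct flood (few sources, which a firewall rule can block) from one with many sources, as in the spoofing and distributed cases. The sample lines, thresholds and function names are assumptions made for illustration.

```python
from collections import Counter

def half_open_by_source(ss_output):
    """Count SYN-RECV (half-open) sockets per peer IP in `ss -tan` style text."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        # Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue
        counts[fields[4].rsplit(":", 1)[0].strip("[]")] += 1
    return counts

def classify(counts, backlog=128, fill_ratio=0.5, top_share=0.8, max_direct=3):
    """Label the half-open table. All thresholds are illustrative assumptions."""
    total = sum(counts.values())
    if total < backlog * fill_ratio:
        return "normal", []
    # Smallest set of sources that accounts for top_share of half-open entries.
    heavy, covered = [], 0
    for ip, n in counts.most_common():
        if covered >= total * top_share:
            break
        heavy.append(ip)
        covered += n
    if len(heavy) <= max_direct:
        return "direct", heavy  # few fixed sources: a firewall block is practical
    return "spoofed-or-distributed", []  # many sources: per-IP blocking does not scale

def make_sample(peers):
    """Constructed ss-style lines; all addresses are documentation ranges."""
    return "\n".join(
        f"SYN-RECV 0 0 192.0.2.10:80 {ip}:{40000 + i}" for i, ip in enumerate(peers)
    )

DIRECT = make_sample(["198.51.100.7"] * 90 + ["203.0.113.5"] * 3)
SPREAD = make_sample([f"203.0.113.{i}" for i in range(1, 101)])
QUIET = "ESTAB 0 0 192.0.2.10:80 203.0.113.9:50000\n" + make_sample(["203.0.113.9"] * 2)

if __name__ == "__main__":
    for name, text in (("DIRECT", DIRECT), ("SPREAD", SPREAD), ("QUIET", QUIET)):
        print(name, classify(half_open_by_source(text)))
```

From the server's socket table a spoofed flood and a distributed one look the same (many sources with few entries each), which is why the script reports them under one label.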
Ref: Cisco
Md.Kareemoddin
CCIE # 54759