What is TCP Syn Flooding Attack?

 TCP SYN flooding

--> In TCP Syn Flood attack, an attacker sends so many SYN Packets to the server so that can be used to make server incapable of responding to any legitimate client's requests.

--> TCP connections that have been started but not finished are called half-open connections.

--> Each host uses little bit memory to store the state of the half-open connections.

--> If the half-open connections from the attacker fill up the storage so that the host cannot accept further TCP connection requests, thus denying service to the legitimate TCP connections.

--> TCP SYN flooding causes a DoS attack.

--> TCP SYN flooding can be implemented in three ways by the attacker,


i) Direct Attack: 

--> In this attack, An attacker sends SYN packets without changing the source IP Address.

--> This type of attack is easy to perform as an attacker is not changing the IP address before sending SYN Packet.

--> We can prevent this type of attack by simply blocking the Attacker IP address using firewall rules.


ii) Spoofing Attack

-->  In this attack, An attacker sends SYN packets by changing the source IP Address.

--> This type of attack is difficult to perform compared to direct attack as an attacker needs to change the IP address before sending SYN Packet.

--> This type of attack can be prevented by using implementing URPF.



iii) Distributed Attack

--> In this attack, More than one attacker sends SYN packets by changing or without changing the source IP Address.

--> This type of attack is difficult to perform compared to direct attack and Spoofing attack as it uses more than one machine to perform this attack.

--> This type of attacks are difficult to stop compared to direct attack and spoofing attack.




Ref: Cisco

Md.Kareemoddin

CCIE # 54759


0 Comments