SYN flood

A SYN flood is a form of denial-of-service (DoS) attack in which an attacker rapidly initiates connections to a server without ever completing them. This is accomplished by sending a high volume of SYN (synchronize) packets to the target server, each appearing to originate from a different, often spoofed, IP address.

The server, upon receiving each SYN packet, responds with a SYN-ACK (synchronize-acknowledge) packet and reserves resources in anticipation of receiving the final ACK (acknowledge) packet to complete the TCP three-way handshake. However, the attacker never sends the ACK, leaving the server with numerous half-open connections.

As the number of these half-open connections grows, the server's resources (memory, CPU) become exhausted, eventually preventing it from accepting new connections from legitimate users. This leads to a denial of service, effectively making the server unavailable.

SYN floods exploit the fundamental design of the TCP protocol and are effective because they target the connection establishment process, hindering the server's ability to manage and respond to connection requests.

Mitigation techniques include:

  • SYN cookies: The server uses cryptographic cookies to validate connection requests without allocating resources prematurely. The server encodes the connection state into the initial sequence number of its SYN-ACK packet, so it does not need to store anything about the connection until the client's ACK arrives and the cookie it echoes back is verified.
  • SYN cache: The server stores connection information in a special, smaller cache that can handle a high volume of SYN requests.
  • Increasing backlog queue size: This allows the server to hold more half-open connections, but may only delay the inevitable exhaustion of resources.
  • Rate limiting: Limiting the number of SYN packets accepted from a particular IP address or network segment within a given time period.
  • Firewall and intrusion detection/prevention systems: These can be configured to detect and block suspicious SYN flood traffic.
  • Micro blocks: Like SYN cookies, these reduce the memory consumed per SYN/ACK packet by allocating only a minimal record for each half-open connection.
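
The SYN cookie mechanism from the list above, as an added illustration that is not part of the original entry: the server packs a time counter, an MSS index and a keyed hash into the SYN-ACK sequence number, keeps no per-connection state, and reconstructs everything it needs from the client's final ACK. The secret, the MSS table, the addresses and the tick values are constructed for the demo.

```python
import hashlib
import hmac
import struct

# Constructed for this demo; a real TCP stack draws a fresh random secret at boot.
SECRET = b"constructed-demo-secret"
# MSS values the 3-bit field can encode (list index = encoded value).
MSS_TABLE = [536, 1300, 1440, 1460]


def _hash24(saddr, daddr, sport, dport, client_isn, t):
    """24-bit keyed hash over the 4-tuple, the client's ISN and the time counter."""
    msg = struct.pack("!4s4sHHII", saddr, daddr, sport, dport, client_isn, t)
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(mac[:3], "big")


def make_cookie(saddr, daddr, sport, dport, client_isn, mss, t):
    """Server ISN for the SYN-ACK: 5 bits of time counter | 3-bit MSS index | 24-bit hash.
    Nothing is stored for the half-open connection; the cookie itself carries the state."""
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    h = _hash24(saddr, daddr, sport, dport, client_isn, t)
    return ((t & 0x1F) << 27) | (mss_idx << 24) | h


def check_cookie(saddr, daddr, sport, dport, client_isn, cookie, now):
    """Validate the cookie echoed in the final ACK (ack_num - 1).
    Returns the negotiated MSS, or None if the cookie is forged or too old."""
    age = (now - (cookie >> 27)) & 0x1F       # ticks since the cookie was minted
    if age > 1:                               # accept only the current and previous tick
        return None
    t = now - age                             # reconstruct the full counter value
    if (cookie & 0xFFFFFF) != _hash24(saddr, daddr, sport, dport, client_isn, t):
        return None
    return MSS_TABLE[(cookie >> 24) & 0x7]


def demo():
    """Walk one legitimate handshake through the cookie path (constructed values)."""
    client, server = bytes([203, 0, 113, 10]), bytes([198, 51, 100, 1])
    client_isn, tick = 0x1234ABCD, 100
    # SYN arrives: the server answers SYN-ACK with ISN = cookie and stores nothing.
    cookie = make_cookie(client, server, 40000, 443, client_isn, 1460, tick)
    # The client's ACK carries seq = client_isn + 1 and ack = cookie + 1.
    ack_seq, ack_num = client_isn + 1, cookie + 1
    # One tick later the server recovers the ISN and cookie from the ACK and verifies.
    return check_cookie(client, server, 40000, 443, ack_seq - 1, ack_num - 1, tick + 1)
```

A SYN that never gets its ACK costs the server nothing here, which is the point of the technique; the trade-off is that TCP options not encoded in the cookie are lost for cookie-validated connections.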

The effectiveness of each mitigation technique depends on the specific characteristics of the SYN flood attack and the server's configuration. A combination of methods is often employed to provide the best defense.