After completing this sequence of packet sending and receiving, the TCP connection is open and able to send and receive data. The server then responds to that initial packet with a SYN/ACK packet, in order to acknowledge the communication.įinally, the client returns an ACK packet to acknowledge the receipt of the packet from the server. Under normal conditions, TCP connection exhibits three distinct processes in order to make a connection.įirst, the client sends a SYN packet to the server in order to initiate the connection. SYN flood attacks work by exploiting the handshake process of a TCP connection.
By repeatedly sending initial connection request (SYN) packets, the attacker is able to overwhelm all available ports on a targeted server machine, causing the targeted device to respond to legitimate traffic sluggishly or not at all. Hackers leverage this mechanism to implement SYN flood.Ī SYN flood (half-open attack) is a type of denial-of-service (DDoS) attack which aims to make a server unavailable to legitimate traffic by consuming all available server resources. If the number of connections are used up, the server cannot provide normal services. Half-open connections are counted in the number of connections to the server. In this case, it is a half-open connection. The server continues to wait for an ACK packet until the connection times out. After the server receives this ACK packet, the three-way handshake is complete and the TCP connection is established. The destination address and port number of the SYN-ACK packet are the IP address and port number of the client.Īfter receiving the SYN-ACK packet from the server, the client sends back an ACK packet. The source IP address and port number of the SYN packet are the IP address and port number of the client.Īfter receiving the SYN packet, the server replies with a Synchronize-Acknowledgment (SYN-ACK) packet.
When a connection starts to be established, the client sends a SYN packet to the server and waits for an acknowledgment from the server. The following describes a normal TCP three-way handshake process. A SYN packet refers to the Synchronize packet in the TCP protocol and is the first packet in the TCP three-way handshake process. SYN flood, as the name implies, uses a flood of SYN packets to attack the system.
0 kommentar(er)
