SYN flooding is a denial of service attack that overwhelms a server by using up all its resources through sending multiple SYN messages without corresponding ACK messages. This attack can be prevented using solutions such as SYN cookies.
SYN flooding is a form of denial of service attack that can be launched on a server to overwhelm the server and not allow other users to access it. This is a somewhat older form of attack and has been quite popular for a while due to the relatively low resources required to cast it. The basic process for the attack uses the method by which users connect to a server via a transmission control protocol (TCP) to use up all system resources. SYN flooding was once a very common form of attack, although various solutions have been devised to reduce or eliminate its effectiveness on modern servers.
The idea behind SYN flooding uses how users connect to servers via TCP connections. TCP uses a system called a three-way handshake which starts with a user sending a “sync” or SYN message to the server. The server then receives the message and sends the user a “sync confirmed” or SYN-ACK message. Once the user’s system receives this message, the user sends a final “acknowledgement” or ACK message to the server to establish the connection. This basic process happens fairly quickly and ensures that both ends of the connection are in sync.
A SYN flood attack, however, uses this three-way handshake to lock down resources within the server, thus preventing others from accessing the system. The SYN flood attack begins with a SYN message sent to the server, which responds with the standard SYN-ACK response. This message goes unanswered, however, through one of several methods which do not involve sending any final ACK message to the server. At this point the server leaves the resources busy waiting for the ACK message, in the event that network congestion is the cause of the unanswered response.
However, servers have only limited resources for handling three-way handshakes, and many servers are designed to handle only eight of these processes at a time. SYN flooding consists of eight or more SYN messages sent without the corresponding ACK message, leaving all server resources busy waiting for a response that never comes. As long as it is waiting for these messages, no other users can connect to the server. While many servers were designed to empty their response queues after three minutes, someone launching a SYN attack could simply resend eight SYN messages every three minutes to keep the system locked down indefinitely.
Several solutions have been found for these types of attacks, so SYN flooding is often less successful than it used to be. A common solution uses “SYN cookies” to allow a system to drop its queue when eight requests have been reached, allowing new users to send connection requests to the server. If one of the older dropped requests eventually arrives, the cookies ensure that it is properly recognized as an ACK message and allow the user to connect to the server.
Protect your devices with Threat Protection by NordVPN
