
What Is a SYN Flood? How Does It Work?

A SYN flood is an attack on a target system, specifically an attack on a key design attribute of the TCP/IP networking protocol.

In a SYN flood, the attacker sends thousands of SYN packets to a target system. A SYN packet is ordinarily a message sent from another computer that wants to establish a network connection with the target. Upon receiving the SYN, the target system will reply with a SYN/ACK, at which point the conversation will begin.




An important fact to note is that the target computer will allocate resources (mainly memory) in anticipation of the new connection. But in a SYN flood, the attacker sends thousands of SYNs and ignores all the SYN/ACKs. The purpose of this is to flood the target system until it is incapable of communicating on any legitimate channels. A SYN flood is a special type of denial-of-service attack.
These attacks are discussed in the next section.

How to Defeat It?
micro blocks

Instead of allocating a complete connection object (which causes the memory failure), simply allocate a micro-record. Newer implementations allocate as little as 16 bytes for the incoming SYN object.

SYN cookies

Instead of allocating a record, send a SYN-ACK with a carefully constructed seqno generated as a hash of the client's IP address, port number, and other information. When the client responds with a normal ACK, that special seqno will be included, which the server then verifies. Thus, the server first allocates memory on the third packet of the handshake, not the first. However, the cryptographic hashing used in SYN cookies is fairly expensive, so servers that expect lots of incoming connections may choose not to use it. (Conversely, newer TCP stacks need to implement secure sequence numbers anyway in order to avoid TCP seqno prediction, so this is not necessarily a problem.)
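
The stateless cookie scheme described above, as an added Python example (not from the original post or from any real TCP stack). The bit layout (6-bit time counter, 2-bit MSS index, 24-bit MAC), the use of HMAC-SHA256, the MSS table, the key and the addresses are all assumptions made for the illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

MSS_TABLE = (536, 1300, 1440, 1460)  # constructed table, indexed by 2 cookie bits
COUNTER_PERIOD = 64                  # seconds per time-counter tick (assumption)


def _mac24(secret, src_ip, src_port, dst_ip, dst_port, counter):
    """24-bit keyed hash over the connection 4-tuple and the time counter."""
    msg = (ipaddress.ip_address(src_ip).packed
           + ipaddress.ip_address(dst_ip).packed
           + struct.pack("!HHI", src_port, dst_port, counter & 0xFFFFFFFF))
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(secret, src_ip, src_port, dst_ip, dst_port, mss, now):
    """Sequence number for the SYN-ACK; the server stores nothing per SYN."""
    counter = int(now) // COUNTER_PERIOD
    # Encode the largest table entry that does not exceed the client's MSS.
    mss_idx = max(i for i, m in enumerate(MSS_TABLE)
                  if m <= max(mss, MSS_TABLE[0]))
    mac = _mac24(secret, src_ip, src_port, dst_ip, dst_port, counter)
    return ((counter & 0x3F) << 26) | (mss_idx << 24) | mac


def check_ack(secret, src_ip, src_port, dst_ip, dst_port, ack_no, now):
    """Validate the third handshake packet; return the agreed MSS or None."""
    cookie = (ack_no - 1) & 0xFFFFFFFF       # a real client ACKs cookie + 1
    current = int(now) // COUNTER_PERIOD
    for counter in (current, current - 1):   # tolerate one elapsed tick
        if (cookie >> 26) != (counter & 0x3F):
            continue
        expected = _mac24(secret, src_ip, src_port, dst_ip, dst_port, counter)
        if hmac.compare_digest(expected.to_bytes(3, "big"),
                               (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[(cookie >> 24) & 0x3]  # allocate state only now
    return None


if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed secret
    peer = ("198.51.100.7", 40000, "192.0.2.10", 443)  # documentation addresses
    seq = make_cookie(key, *peer, mss=1400, now=1_700_000_000)
    print(check_ack(key, *peer, ack_no=seq + 1, now=1_700_000_030))
```

Because the cookie has only two bits for the MSS, the server recovers a rounded-down MSS rather than the exact value the client advertised.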

RST cookies

RST cookies are an alternative to SYN cookies, but may cause problems with Win95 machines and/or machines behind firewalls. The way this works is that the server sends a wrong SYN-ACK back to the client. The client should then generate a RST packet telling the server that something is wrong. At this point, the server knows the client is valid and will now accept incoming connections from that client normally.

stack tweaking

TCP stacks can be tweaked in order to reduce the effect of SYN floods. The most common example is to reduce the timeout before a stack frees up the memory allocated for a connection. Another technique would be to selectively drop incoming connections.
