SYN Flood Attack
A SYN flood attack is a DoS attack in which the attacker sends numerous TCP SYN requests to a target server, hoping to consume enough resources to prevent the transfer of legitimate traffic.
- the attacker withholds the client’s ACK packet during the TCP three-way handshake
- the client’s IP address is spoofed
- an invalid or random IP address is entered as the source
- as a result, the server’s SYN/ACK packet is misdirected
- the server maintains a queue of pending connections
- when it does not receive an ACK packet, it resends the SYN/ACK packet a set number of times before timing out the connection
- the problem is that the server may only be able to manage a limited number of pending connections
- a DoS attack quickly fills up this queue
- the server is then unable to respond to genuine requests
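
The pending-connection queue described in the list above, modelled as a small simulation (an added example, not part of the original page). The backlog of 128, the 1-second initial wait that doubles on each resend, the 5 resends, and the traffic pattern are all constructed assumptions; genuine clients are assumed to ACK immediately.

```python
import heapq

def hold_time(initial_rto, synack_retries):
    # One SYN/ACK plus `synack_retries` resends; each wait doubles (modelling assumption).
    return sum(initial_rto * 2 ** i for i in range(synack_retries + 1))

def simulate(backlog, initial_rto, synack_retries, syns):
    """syns: (arrival_time, completes_handshake) tuples. Returns counters."""
    pending = []  # min-heap of expiry times, one per half-open connection
    timeout = hold_time(initial_rto, synack_retries)
    stats = {"legit_ok": 0, "legit_dropped": 0,
             "half_open_queued": 0, "half_open_dropped": 0, "peak_queue": 0}
    for t, completes in sorted(syns):
        while pending and pending[0] <= t:   # timed-out entries free their slot
            heapq.heappop(pending)
        if len(pending) >= backlog:          # queue full: the SYN is dropped
            stats["legit_dropped" if completes else "half_open_dropped"] += 1
        elif completes:                      # ACK arrives, entry leaves the queue at once
            stats["legit_ok"] += 1
        else:                                # no ACK ever comes: slot held until timeout
            heapq.heappush(pending, t + timeout)
            stats["half_open_queued"] += 1
            stats["peak_queue"] = max(stats["peak_queue"], len(pending))
    return stats

def constructed_traffic(with_flood):
    # Constructed sample: one genuine client per second for two minutes, plus
    # (optionally) 50 never-ACKed SYNs per second between t=10s and t=20s.
    syns = [(s + 0.5, True) for s in range(120)]
    if with_flood:
        syns += [(10 + k / 50, False) for k in range(500)]
    return syns

if __name__ == "__main__":
    for flood in (False, True):
        print("flood" if flood else "baseline",
              simulate(128, 1, 5, constructed_traffic(flood)))
```

Under these assumptions a 10-second burst keeps the queue full for about a minute, because each half-open entry holds its slot for the full 63-second resend cycle, and genuine clients are refused for that whole period.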