SYN Flood Attack: Short for Synchronize Flood Attack, an SYN is a type of DoS attack. Basically, the SYN is used to establish communication between two devices over the Transmission Control Protocol and Internet Protocol (TCP/IP). As the name itself suggests, it is a process of two systems synchronizing and finding a common ground for communication. SYN request is sent by one device to another who responds with SYN-ACK (Synchronization Acknowledgement). To know more about SYN Flood Attack, keep reading this article till the end.
In the attack the number of requests sent by the sender is high but without the ACK which results in half-open connection (from which another name for this attack is derived; half-open attack) with the server not being able to establish a connection and the receiver waiting for it.
Consequences of this are the following:
- Until ACK is received, the system is programmed to wait with half-open connections because the reason for the delay could also be congestion in the network which is not an unusual thing. Receiving an ACK would result in a TCP three-way handshake.
- Meanwhile, the requests keep piling up flooding the system with traffic and consuming the bandwidth, server resources, etc.
- A large bandwidth will support a heavy amount of traffic flow but sooner or later it will be blocked. To prevent that, either a connection needs to be made or the oncoming SYN requests need to stop.
There’s a difference between SYN-ACK and ACK. When the sender, usually called a client, sends an SYN request, it is a message requesting a connection and the positive response from the server of the receiver is in the form of SYN-ACK. To complete the procedure of establishing a connection, the client needs to send ACK, failing to do to starts the process of a denial of services (DoS) attack because services are being denied.
This last step determines whether a connection will be made between devices or the main purpose is a malicious attack. If it is an attack, the client can also send a false Internet Protocol (IP) address in the first place along with the SYN request. A false IP address will not respond with an ACK.
SYN is one of the most effective ways to stop an SYN Flood Attack, which at first sends an invalid SYN-ACK to make sure the request from the client is legitimate. Other ways include setting the time limit for closing the half-open connections or adding the function of dropping the coming requests if there is already a half-open connection in the server.
Download Types of Network Attack, SYN Flood Attack in pdf – Click here