SYN Flood Attack: Short for Synchronize Flood Attack, a SYN flood is a type of DoS attack. The SYN message is used to establish communication between two devices over the Transmission Control Protocol and Internet Protocol (TCP/IP). As the name suggests, it is the process of two systems synchronizing and finding a common ground for communication. One device sends a SYN request to another, which responds with a SYN-ACK (Synchronization Acknowledgement). In the attack, the sender issues a high number of requests but never sends the ACK, which results in half-open connections (hence the attack's other name, half-open attack), with the server unable to establish the connection and the receiver left waiting for it.
Consequences of this are the following:
- Until an ACK is received, the system is programmed to wait with the connection half-open, because the delay could also be caused by congestion in the network, which is not unusual. Receiving the ACK would complete the TCP three-way handshake.
- Meanwhile, the requests keep piling up, flooding the system with traffic and consuming bandwidth, server resources, etc.
- A large bandwidth will support a heavy traffic flow, but sooner or later it will be blocked. To prevent that, either a connection needs to be made or the incoming SYN requests need to stop.
There's a difference between SYN-ACK and ACK. When the sender, usually called the client, sends a SYN request, it is a message requesting a connection, and the positive response from the server, or the receiver, comes in the form of a SYN-ACK. To complete the procedure of establishing a connection, the client needs to send an ACK; failing to do so starts the process of a denial-of-service (DoS) attack, because services are being denied.
This last step determines whether a connection will be made between the devices or whether the main purpose is a malicious attack. If it is an attack, the client can also send a false Internet Protocol (IP) address along with the SYN request in the first place. A false IP address will not respond with an ACK.
One of the most effective ways to stop a SYN flood attack is for the server to first send an invalid SYN-ACK to make sure the request from the client is legitimate. Other ways include setting a time limit for closing half-open connections, or dropping incoming requests if there is already a half-open connection in the server.
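The effect of the last two measures can be seen in a small model of the server's half-open table. This is an added example, not code from the original page: the class and function names, the table size, the tick-based clock and the documentation-range addresses are all assumptions, and no network traffic is generated.

```python
from collections import OrderedDict

class HalfOpenTable:
    """Toy model of a server's table of half-open connections (SYN seen, ACK pending)."""
    def __init__(self, backlog, timeout, one_per_source=False):
        self.backlog, self.timeout = backlog, timeout
        self.one_per_source = one_per_source
        self.pending = OrderedDict()  # (src, port) -> tick the SYN arrived, oldest first

    def expire(self, now):
        # Mitigation: close half-open entries that exceeded the time limit.
        while self.pending:
            key, since = next(iter(self.pending.items()))
            if now - since < self.timeout:
                break
            del self.pending[key]

    def on_syn(self, src, port, now):
        self.expire(now)
        # Mitigation: drop the request if this source already holds a half-open entry.
        if self.one_per_source and any(s == src for s, _ in self.pending):
            return "DROP-DUPLICATE"
        if len(self.pending) >= self.backlog:
            return "DROP-FULL"  # table exhausted: service is denied
        self.pending[(src, port)] = now
        return "SYN-ACK"

    def on_ack(self, src, port, now):
        self.expire(now)
        return self.pending.pop((src, port), None) is not None  # handshake completed

def simulate(timeout, one_per_source, flood_sources, ticks=60, backlog=32, rate=10):
    """Constructed trace: `rate` unanswered SYNs per tick plus one legitimate client.
    Returns how many legitimate handshakes completed."""
    table, served = HalfOpenTable(backlog, timeout, one_per_source), 0
    for t in range(ticks):
        for i in range(rate):
            n = t * rate + i
            table.on_syn(f"192.0.2.{n % flood_sources}", 1024 + n, t)  # ACK never sent
        client = ("198.51.100.7", 40000 + t)
        if table.on_syn(*client, t) == "SYN-ACK" and table.on_ack(*client, t):
            served += 1
    return served

if __name__ == "__main__":
    print("no mitigation:            ", simulate(75, False, 1))
    print("per-source drop, 1 source:", simulate(75, True, 1))
    print("per-source drop, spoofed: ", simulate(75, True, 250))
    print("short time limit, spoofed:", simulate(2, False, 250))
```

In this model the per-source drop keeps the legitimate client served only while the unanswered SYNs share one address; once they arrive from many false addresses, only the short time limit keeps the table from filling.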