Thursday, August 28, 2008

SYN flood attack

The SYN flood attack takes advantage of the TCP three-way handshake. This method operates two separate ways. Both methods attempt to start a three-way handshake, but not complete it. You can view the proper three-way handshake below.

The first attack method can be achieved when the attacker sends a synchronize request, or SYN, with a spoofed IP address. When the server tries to send back a SYN-ACK request, or synchronize-acknowledge request, it will obviously not get a response. This means that the server never obtains the client’s ACK request, and resources are left half-open.

Alternatively, the attacker can just choose to not send the acknowledgement request. Both of these methods stall the server, who is patiently waiting for the ACK request. Thankfully, this hole in the three-way handshake has been patched for years, just like the ping of death attack. Should you suspect that your older devices are the subject of this attack, upgrade them immediately.


Post a Comment


Subscribe in Bloglines Msn bot last visit powered by MyPagerank.Net Yahoo bot last visit powered by MyPagerank.Net
I heart FeedBurner downtime checker The Ubuntu Counter Project - user number # 31290

Twitter Delicious Facebook Digg Stumbleupon Favorites More

Powered by TadPole