ZyXEL Communications ZyWALL USG 200 Series User Manual page 644

Chapter 35 ADP
the initiator responds with an ACK (acknowledgment). After this handshake, a
connection is established.
Figure 449 TCP Three-Way Handshake
A SYN flood attack is when an attacker sends a series of SYN packets. Each packet
causes the receiver to reply with a SYN-ACK response. The receiver then waits for
the ACK that follows the SYN-ACK, and stores all outstanding SYN-ACK responses
on a backlog queue. SYN-ACKs are only moved off the queue when an ACK comes
back or when an internal timer ends the three-way handshake. Once the queue is
full, the system will ignore all incoming SYN requests, making the system
unavailable for other users.
Figure 450 SYN Flood
LAND Attack
In a LAND attack, hackers flood SYN packets into a network with a spoofed source
IP address of the network itself. This makes it appear as if the computers in the
network sent the packets to themselves, so the network is unavailable while they
try to respond to themselves.
644
ZyWALL USG 100/200 Series User's Guide