Table of Contents
Advertisement
15.3.7 TCP SYN Flood Attack
Usually a client starts a session by sending a SYN (synchronize) packet to a server.
The receiver returns an ACK (acknowledgment) packet and its own SYN, and then
the initiator responds with an ACK (acknowledgment). After this handshake, a
connection is established.
Figure 125 TCP Three-Way Handshake
A SYN flood attack is when an attacker sends a series of SYN packets. Each packet
causes the receiver to reply with a SYN-ACK response. The receiver then waits for
the ACK that follows the SYN-ACK, and stores all outstanding SYN-ACK responses
on a backlog queue. SYN-ACKs are only moved off the queue when an ACK comes
back or when an internal timer ends the three-way handshake. Once the queue is
full, the system will ignore all incoming SYN requests, making the system
unavailable for other users.
Figure 126 SYN Flood
P-794H User's Guide
Chapter 15 Security
197
Advertisement
Table of Contents
