Figure 370 Tcp Three-Way Handshake; Figure 371 Syn Flood - ZyXEL Communications ZyWALL USG 300 User Manual

Chapter 31 ADP

Figure 370 TCP Three-Way Handshake

A SYN flood attack is when an attacker sends a series of SYN packets. Each packet causes the
receiver to reply with a SYN-ACK response. The receiver then waits for the ACK that follows
the SYN-ACK, and stores all outstanding SYN-ACK responses on a backlog queue. SYN-
ACKs are only moved off the queue when an ACK comes back or when an internal timer ends
the three-way handshake. Once the queue is full, the system will ignore all incoming SYN
requests, making the system unavailable for other users.

Figure 371 SYN Flood

LAND Attack
In a LAND attack, hackers flood SYN packets into a network with a spoofed source IP address
of the network itself. This makes it appear as if the computers in the network sent the packets
to themselves, so the network is unavailable while they try to respond to themselves.
UDP Flood Attack
UDP is a connection-less protocol and it does not require any connection setup procedure to
transfer data. A UDP flood attack is possible when an attacker sends a UDP packet to a
random port on the victim system. When the victim system receives a UDP packet, it will
determine what application is waiting on the destination port. When it realizes that there is no
application that is waiting on the port, it will generate an ICMP packet of destination
unreachable to the forged source address. If enough UDP packets are delivered to ports on
victim, the system will go down.
506
ZyWALL USG 300 User's Guide