SYN attack

July 2015

SYN attack

The "SYN attack" (also called "TCP/SYN Flooding") is a network saturation (denial-of-service) attack that exploits the Three-way handshake mechanism of the TCP protocol.

The three-way handshake is the way in which any "reliable" internet connection (connection using the TCP protocol) is made.

TCP/SYN flooding

When a client establishes a connection to a server, the client sends an SYN request; the server responds with an SYN/ACK packet and the client validates the connection with an ACK (acknowledgement) packet.

A TCP connection cannot be established until these 3 steps have been completed. The SYN attack involves sending a large number of SYN requests via a host with a nonexistent or invalid IP address. As a result, the target machine cannot receive an ACK packet.

Machines vulnerable to SYN attacks queue up the open connections in a data memory structure and wait to receive an ACK packet. There is an expiration mechanism that makes it possible to reject packets after a certain amount of time has passed. However, with an extremely high number of SYN packets, if the resources used by the target machine to store queued requests are all used up, the machine risks entering a unstable state that can cause it to crash or restart.

For unlimited offline reading, you can download this article for free in PDF format:
Syn-attack .pdf

See also


Ataque SYN
Ataque SYN
SYN-Angriff
SYN-Angriff
Attaque SYN
Attaque SYN
Attacco SYN
Attacco SYN
Ataque SYN
Ataque SYN
This document entitled « SYN attack » from CCM (ccm.net) is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the license, as this note appears clearly.