What is a SYN Attack?

A SYN attack is an exploit of the TCP/IP stack in which an attacker sends SYN packets and suppresses the response to the SYN-ACK packet.

This type of attack can be volumetric, where the attacker sends a large amount of data to a link in order to saturate it.

It can also be a trickle attack, where the attack doesn't generate a lot of bandwidth but ties up resources on the devices.

Image: the process of a SYN attack (SYN flood, source: Wikipedia).

SYN attacks are a very common type of DDoS attack. Each SYN packet ties up a small amount of memory on the target's computer or network device.

This is also known as a half-open connection, where the connection is not fully established since it is still waiting for the full handshake to occur.

These half-open connections can exhaust the resources on the device, eventually leading to a crash.

Mitigation

To mitigate this type of attack you can rate-limit SYN traffic per source. You can also use mechanisms such as mod_evasive for Apache servers to protect web servers.

For your anti-DDoS solution you may need to tweak settings if you are using NAT, as it is not unusual to see many SYN packets going to the single NAT address.
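
An added example, not part of the original post: a small Python model of the per-source SYN rate limit described above, with half-open connection tracking, replayed over constructed packet records. The class and function names, the limit of 5 SYNs per second and the documentation-range addresses are assumptions, as is reading the NAT case as many clients sharing one source address.

```python
from collections import defaultdict, deque

class SynLimiter:
    """Per-source SYN rate limit over a sliding window, with half-open tracking."""

    def __init__(self, window=1.0, default_limit=5, overrides=None):
        self.window = window                  # seconds
        self.default_limit = default_limit    # SYNs per window per source (assumed value)
        self.overrides = overrides or {}      # e.g. a higher limit for a NAT address
        self.recent = defaultdict(deque)      # src -> times of accepted SYNs
        self.half_open = defaultdict(set)     # src -> (sport, dport) awaiting final ACK

    def handle(self, ts, src, sport, dport, flag):
        """Return 'pass' or 'drop' for one packet record."""
        if flag == "ACK":                     # final ACK: handshake complete
            self.half_open[src].discard((sport, dport))
            return "pass"
        if flag != "SYN":
            return "pass"
        q = self.recent[src]
        while q and ts - q[0] >= self.window: # expire SYNs outside the window
            q.popleft()
        if len(q) >= self.overrides.get(src, self.default_limit):
            return "drop"
        q.append(ts)
        self.half_open[src].add((sport, dport))
        return "pass"

def sample_events():
    """Constructed traffic using documentation-range addresses, not a real capture."""
    ev = []
    for i in range(20):   # source that sends SYNs and never completes the handshake
        ev.append((i * 0.01, "203.0.113.7", 40000 + i, 80, "SYN"))
    for i in range(30):   # NAT address: many clients, every handshake completes
        ev.append((i * 0.03, "198.51.100.10", 50000 + i, 80, "SYN"))
        ev.append((i * 0.03 + 0.005, "198.51.100.10", 50000 + i, 80, "ACK"))
    return sorted(ev)

def replay(events, overrides=None):
    """Return ({src: dropped SYNs}, {src: half-open count}) after the replay."""
    lim = SynLimiter(overrides=overrides)
    dropped = defaultdict(int)
    for ts, src, sport, dport, flag in events:
        if lim.handle(ts, src, sport, dport, flag) == "drop":
            dropped[src] += 1
    return dict(dropped), {s: len(c) for s, c in lim.half_open.items()}

if __name__ == "__main__":
    print(replay(sample_events()))                                   # NAT throttled too
    print(replay(sample_events(), overrides={"198.51.100.10": 50}))  # NAT limit tuned
```

With the default limit the NAT address loses legitimate connections alongside the flooding source; raising the limit for that one address stops the false drops while the flooding source stays capped and its half-open entries remain visible.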
