Online Test Banks
Score higher
See Online Test Banks
eLearning
Learning anything is easy
Browse Online Courses
Mobile Apps
Learning on the go
Explore Mobile Apps
Dummies Store
Shop for books and more
Start Shopping

Common Network Attack Strategies: SYN Flooding

A SYN-flood is a network attack where the attacking device sends a series of SYN requests with the goal of overwhelming the network system. In the TCP world, your network devices are capable of handling a limited number of connections. It's a high number, but it's limited based on the device and its configuration. (SYN is an abbreviation for synchronize.)

What the attacking system does not do is respond to any of those returned SYN-ACK packets. Because you have a limited number of listening connections on your system, for a relatively short period of time, you cannot accept a new connection because all the lines are busy waiting for ACK packets from the person who opened all the connections.

image0.jpg

SYN flooding is a denial-of-service attack because legitimate users of the system cannot connect and do what they would typically be able to. This attack may interrupt services, or it may be an attempt to fill log files so that the actual attack does not leave any trances.

After one of your systems has been targeted by a SYN flood, you may be able to connect to the flooded system and clear these half-opened connections rather than waiting for the system to time them out and clear them on its own schedule. Although SYN flooding is an old attack, it is still an effective attack on many systems.

Cisco devices allow you to do a few things to reduce the effectiveness of these attacks:

  • Increasing the TCP backlog

  • Reducing the SYN-RECEIVED timer

  • Implementing a SYN cache

  • Implementing SYN cookies

blog comments powered by Disqus
Advertisement

Inside Dummies.com

Dummies.com Sweepstakes

Win $500. Easy.