PROTOCOLS FUNDAMENTALS
This attack uses the TCP 3-way handshake to reserve all of the server's available resources with fake SYN requests, so that legitimate users cannot establish a connection to the server. The SYN packet is the first step in the TCP 3-way handshake. This is the step where the client sends a connection synchronization request to the server. When the server receives the TCP SYN from the client, it replies with a SYN ACK. The SYN ACK acknowledges the synchronization request.

At that moment the server is waiting for the client to complete the handshake by sending an ACK back to the server to acknowledge the SYN ACK. With this third step, the TCP session is successfully established and communication between server and client begins.

If the ACK is not received from the client side, the server will wait for it for some time, and then the session will time out and get dropped. When the server deletes the session, its resources are released.
TCP SYN FLOOD ATTACK
A TCP SYN flood attack sends the first packet of the 3-way handshake, the SYN packet, to the server many times, causing the server to allocate resources for sessions that will never become established. The attacking client never responds to the server's SYN ACK, so the session remains at the second step of the 3-way handshake.

Sending thousands of TCP SYN packets per second to the server, with fake source IP addresses and even from different locations, keeps the server very busy. The server cannot tell which SYN packets are real and which are fake. It replies with a SYN ACK to every SYN packet and allocates resources for the anticipated TCP session.
SYN Flood
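The resource exhaustion described above can be seen in a small model of the server's half-open queue. This is an added example, not code from the original article; the backlog size, timeout, and packet rates are constructed values, and the model assumes legitimate clients finish the handshake within the same one-second tick.

```python
from collections import deque

def simulate(backlog, timeout, seconds, flood_rate, legit_rate):
    """Model a listener's half-open (SYN received) queue, one tick per second.

    Flood SYNs never complete the handshake, so each one holds a slot until
    `timeout` seconds pass. Legitimate SYNs complete within the same tick,
    so they only need a free slot at arrival time.
    Returns (legit_accepted, legit_refused, peak_half_open).
    """
    half_open = deque()   # expiry times of pending entries, oldest first
    accepted = refused = peak = 0
    for now in range(seconds):
        # Release entries whose SYN ACK was never acknowledged in time.
        while half_open and half_open[0] <= now:
            half_open.popleft()
        # Flood SYNs arrive first in each tick (worst case for the server).
        for _ in range(flood_rate):
            if len(half_open) < backlog:
                half_open.append(now + timeout)
        # A legitimate client needs one free slot; it then sends its ACK
        # right away, so it does not stay in the half-open queue.
        for _ in range(legit_rate):
            if len(half_open) < backlog:
                accepted += 1
            else:
                refused += 1
        peak = max(peak, len(half_open))
    return accepted, refused, peak

if __name__ == "__main__":
    # Constructed parameters: 128-slot backlog, 60 simulated seconds,
    # 5 legitimate connection attempts per second.
    for label, flood, timeout in [("no flood", 0, 30),
                                  ("flood, 30 s timeout", 50, 30),
                                  ("flood, 1 s timeout", 50, 1)]:
        ok, bad, peak = simulate(128, timeout, 60, flood, 5)
        print(f"{label:20} accepted={ok:3} refused={bad:3} peak={peak}")
```

With the long timeout the queue fills within three seconds and stays full, because expired entries are replaced by new fake SYNs as fast as they are released.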
TCP INTERCEPT
In small networks where you don’t have a dedicated DDoS box or an outside DDoS protection service, TCP Intercept is a great and simple tool to use directly on the router. If you are experiencing a DoS attack against some of your internal equipment, this is the fastest way to get rid of it.