
SYN flood

When a client attempts to start a TCP connection to a server, the client and server exchange a series of messages.

The client starts by sending a SYN packet to the server. The server responds to the SYN message by sending a SYN-ACK message back to the client. Normally, the client will reply with an ACK message and the connection is then established.

During the period after the server has sent the SYN-ACK message but before the client has replied with the ACK message, the connection is said to be a half-open connection. Each half-open connection consumes a small amount of memory on the server for the data structures related to the would-be connection.

On many operating systems, it was (or still is) possible to consume all the available resources allocated for half-open connections by creating a client that does not send an ACK in response to the SYN-ACK message.

Depending on the implementation, this may lead to the server being unable to accept new clients, or possibly even to a crash.

This attack is a form of denial of service.

SYN cookies were invented to combat this form of attack.
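The resource exhaustion described above can be seen in a small model of the server's half-open connection table. This is an added example, not part of the original article; the table capacity, the timeout, the client names and the trace are all constructed assumptions.

```python
from collections import OrderedDict

class HalfOpenTable:
    """Toy model of a server's table of half-open connections."""
    def __init__(self, capacity, timeout):
        self.capacity = capacity      # max half-open entries (assumed value)
        self.timeout = timeout        # seconds an unanswered entry is kept (assumed)
        self.pending = OrderedDict()  # client -> time the SYN-ACK was sent
        self.established = []         # clients that completed the handshake
        self.refused = []             # clients whose SYN found the table full

    def _expire(self, now):
        # Entries are in insertion order, so the oldest is always first.
        while self.pending:
            client, sent = next(iter(self.pending.items()))
            if now - sent < self.timeout:
                break
            del self.pending[client]

    def on_syn(self, now, client):
        self._expire(now)
        if client in self.pending:
            return                    # retransmitted SYN, entry already held
        if len(self.pending) >= self.capacity:
            self.refused.append(client)
            return
        self.pending[client] = now    # SYN-ACK sent, connection is half-open

    def on_ack(self, now, client):
        self._expire(now)
        if self.pending.pop(client, None) is not None:
            self.established.append(client)

def replay(events, capacity=4, timeout=30):
    table = HalfOpenTable(capacity, timeout)
    for now, kind, client in events:
        (table.on_syn if kind == "SYN" else table.on_ack)(now, client)
    return table

# Constructed trace of (seconds, message, client): "a" and "c" complete the
# handshake, the "silent-*" clients never answer the SYN-ACK.
TRACE = (
    [(0, "SYN", "a"), (1, "ACK", "a")]
    + [(2, "SYN", f"silent-{i}") for i in range(4)]
    + [(3, "SYN", "b"), (40, "SYN", "c"), (41, "ACK", "c")]
)

if __name__ == "__main__":
    t = replay(TRACE)
    print("established:", t.established, "refused:", t.refused)
```

In this trace client "b" is refused while the four unanswered entries hold the table, and client "c" connects only after those entries have timed out.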



All Wikipedia text is available under the terms of the GNU Free Documentation License

 