Encyclopedia > SYN flood

  Article Content

SYN flood

When a client attempts to start a TCP connection to a server, the client and server exchange a series of messages.

The client starts by sending a SYN packet to the server. The server responds the SYN message by sending a SYN-ACK message back to the client. Normally, the client will reply with an ACK message and the connection is then established.

During the period after server has sent the SYN-ACK message but before the client has replied with the ACK message, the connection is said to be a half-open connection[?]. The half-open connection is consuming a tiny bit of memory on the server for data structures related to the would-be connection.

On many operating systems, it was/is possible to consume all the available resources allocated for half-open connections by creating a client which would not send an ACK to the SYN-ACK message.

Depending on the implementation this may lead to the server being unable to accept new clients, or possibly even crash.

This attack is a form of Denial of service.

SYN cookies were invented to combat this form of attack.



All Wikipedia text is available under the terms of the GNU Free Documentation License

 
  Search Encyclopedia

Search over one million articles, find something about almost anything!
 
 
  
  Featured Article
East Islip, New York

... 73°11'6" West (40.731938, -73.185135)1. According to the United States Census Bureau, the town has a total area of 11.3 km² (4.4 mi²). 10.6 km² (4.1 ...

 
 
 
This page was created in 33 ms