The client starts by sending a SYN packet to the server. The server responds the SYN message by sending a SYN-ACK message back to the client. Normally, the client will reply with an ACK message and the connection is then established.
During the period after server has sent the SYN-ACK message but before the client has replied with the ACK message, the connection is said to be a half-open connection[?]. The half-open connection is consuming a tiny bit of memory on the server for data structures related to the would-be connection.
On many operating systems, it was/is possible to consume all the available resources allocated for half-open connections by creating a client which would not send an ACK to the SYN-ACK message.
Depending on the implementation this may lead to the server being unable to accept new clients, or possibly even crash.
This attack is a form of Denial of service.
SYN cookies were invented to combat this form of attack.
Search Encyclopedia
|
Featured Article
|