Connect with us

Hi, what are you looking for?

Cyber Security

What is SYN Attack? How Does the Attack Works ?

TCP SYN Flood attacks are the most popular ones among DDOS attacks. Here we will discuss, in detail, the basis of the TCP SYN attack and to stop it before it reaches those servers.

It’s been more than two decades since the first DDOS attack was attempted at the University of Minnesota, knocking it down for two days. A lot followed that, including one of the biggest in the history of DDOS, which was against Github and involved a 1.35 TBps attack against the site.

DOS attacks pose severe threats to servers and websites by flooding the targeted servers with bogus traffic, denying legitimate traffic access.

How the SYN Attack Works

TCP SYN attack is one of the most popular DDOS attacks, which target the hosts that run TCP processes and exploit the normal TCP three-way handshake process. 

In a normal TCP scenario, communication between the client and server begins after establishing a virtual connection. The client initiates a connection by sending SYN requests to Server, and Server then responds back by sending SYN/ACK.

This SYN/ACK is an acknowledgment of the initial SYN request from the client. The client responds by ACK packet, completing the connection to start communication.

In a DDOS environment, a malicious actor spoofs the Client and sends excessive SYN requests from random IP addresses to the targeted server.

The server, assuming it to be legitimate requests responds with SYN/ACK, but never receives a final ACK back, thus tying up the Server’s resources with half-open TCP sessions which eventually leads to denying the legitimate connection requests.

How to Prevent SYN Flood Attack

SYN Cookies

Unlike normal TCP handshakes, it works by avoiding the need to maintain a state table for all TCP half-open connections. This method employs the use of cryptographic hashing. The server crafts the ISN (Initial Sequence Number) along with the initial SYN-ACK flood sent to the client.

This ISN is calculated based on Source IP, Destination IP, port numbers, and a secret number. When the server receives ACK from the Client, it validates it for its legitimacy by checking if the incremented ISN matches and then allocating memory for the connection.

Increasing Backlog Queue

Each Operating System allocates memory to half-open connections and there is a limit to the number of these connections it can hold. Once that limit is achieved, it starts dropping off the connection.

In the case of the SYN attack, the limit of the backlog can be increased and would prevent the dropping of legitimate connections.

Firewall Filtering

Firewall filtering can be enabled on the firewall to detect and prevent these SYN attacks. For example, the source threshold can be changed. In this case, a particular threshold can be set up before the firewall drops connections from one source.

It is important to note that, unlike other attacks, SYN attack doesn’t require robust systems; all the attacker need is a PC with a dial-up connection to launch high-impact attacks.

Copyright 2021 Associated Press. All rights reserved.

Advertisement. Scroll to continue reading.

Source: https://cybersecuritynews.com/syn-attack/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

In recent findings from Check Point Research, a significant phishing attack targeting more than 40 prominent Colombian companies has been uncovered.  The attackers behind this campaign...

Cyber Security

According to recent reports, a threat actor has compromised the confidential information of 3,200 Airbus vendors. The exposed data includes sensitive details such as...

Cyber Security

A group of Researchers unearthed critical code Proton Mail vulnerabilities that could have jeopardized the security of Proton Mail, a renowned privacy-focused webmail service. ...

Cyber Security

Telegram Messenger offers global, cloud-based instant messaging with several features:- Cybersecurity researchers at Securlist recently found several Telegram mods on Google Play in various...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO