A SYN flood, also known as a Sync Flood or Sync Storm, is a DoS (denial-of-service) attack.
The attacker rapidly initiates TCP connections but does not complete them. As a result, the server spends resources waiting for each connection to complete, and once the attacker occupies enough of those resources, the server can no longer respond to normal requests.
The normal steps to establish a connection are:
- The client sends a SYN message.
- The server returns a SYN-ACK message.
- The client sends an ACK message and the connection is established.
This is also called the TCP three-way handshake.
An attacker can keep the server waiting by never returning the ACK message. An attacker can also put a fake (spoofed) source IP address in the SYN message, so that the server's SYN-ACK message is sent elsewhere.
Countermeasures:
- Filtering
- Increase backlog (waiting queue)
- Decrease SYN-RECEIVED timer
- Recycle the oldest half-open TCP connection
- SYN cache
- SYN cookies
- Hybrid approaches
- Firewalls and proxies
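
The following is an added example, not part of the original page: a small Python model of the server's half-open queue that compares three of the countermeasures listed above (a larger backlog, a shorter SYN-RECEIVED timer, and recycling the oldest half-open connection). The class and function names, the tick-based timing and the sample addresses are assumptions made for illustration.

```python
from collections import OrderedDict

class Listener:
    """Toy model of a listener's half-open (SYN-RECEIVED) queue. Added example."""
    def __init__(self, backlog, syn_timeout, recycle_oldest=False):
        self.backlog = backlog                # max half-open entries kept
        self.syn_timeout = syn_timeout        # ticks to wait for the final ACK
        self.recycle_oldest = recycle_oldest  # evict the oldest entry when full
        self.half_open = OrderedDict()        # peer -> tick its SYN arrived
        self.established = set()

    def _expire(self, now):
        # SYN-RECEIVED timer: forget peers that never sent their ACK.
        for peer, t in list(self.half_open.items()):
            if now - t >= self.syn_timeout:
                del self.half_open[peer]

    def on_syn(self, peer, now):
        """True if the SYN is queued (SYN-ACK sent), False if it is dropped."""
        self._expire(now)
        if len(self.half_open) >= self.backlog:
            if not self.recycle_oldest:
                return False
            self.half_open.popitem(last=False)  # recycle the oldest half-open
        self.half_open[peer] = now
        return True

    def on_ack(self, peer, now):
        """Final ACK: the connection is established only if still queued."""
        self._expire(now)
        if self.half_open.pop(peer, None) is None:
            return False
        self.established.add(peer)
        return True

def client_connects(listener, unanswered_per_tick, client_tick, rtt=1):
    """Constructed traffic: every tick brings SYNs that are never ACKed; one
    real client sends its SYN at client_tick and its ACK rtt ticks later."""
    client = ("198.51.100.7", 40000)          # constructed sample peer
    seq = 0
    for now in range(client_tick + rtt + 1):
        if now == client_tick:
            listener.on_syn(client, now)
        if now == client_tick + rtt:
            return listener.on_ack(client, now)
        for _ in range(unanswered_per_tick):
            seq += 1
            listener.on_syn(("203.0.113.1", seq), now)  # constructed; no ACK follows
    return False

if __name__ == "__main__":
    print(client_connects(Listener(8, 30), 4, 5))
```

In this model a larger backlog only delays exhaustion, a shorter timer must still exceed the real client's round-trip time, and recycling stops helping once more unanswered SYNs arrive per round trip than the queue can hold.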