SYN Attack

Definition - What does SYN Attack mean?

A SYN attack is a type of denial-of-service (DoS) attack in which an attacker utilizes the communication protocol of the Internet, TCP/IP, to bombard a target system with SYN requests in an attempt to overwhelm connection queues and force a system to become unresponsive to legitimate requests.

A SYN attack is also known as a TCP SYN attack or a SYN flood.

Techopedia explains SYN Attack

The easiest way to describe how a SYN attack works is to think about your local grocer with the ticket system to serve customers at the meat counter. Any new customer is expected to pull a new, numbered ticket from the dispenser so the grocer can service the line-up of customers in an orderly fashion.

Normally, this system works well. The grocer notes what ticket number is to be serviced next, calls out that number, the customer answers and the transaction is begun.

However, imagine if a large number of customers took tickets and the grocer patiently started calling out numbers only to have no customers respond. He would probably wait a minute or two and call another number. Eventually the whole system would break down with no transactions occurring because the grocer is too busy trying to figure out who to service.

This is the same process as a SYN attack. An attacker would send an initial request (a SYN) asking for acknowledgment from the receiving server (an ACK). The receiving server would place this request in a queue with identifying information, using a small amount of memory and resources to do so. The server would expect a quick reply to its acknowledgment, but the attacker would never send one. The server would then wait for a pre-defined timeout period before discarding the connection request.

In the meantime, if a large number of these requests had been hitting the server, it would eventually become overwhelmed and unresponsive.
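The queue-and-timeout behaviour described above can be modelled in a few lines. This is an added example, not code from the original page: it is a toy simulation with no network traffic, and the queue size, timeout, arrival rate and documentation-range addresses are all constructed values.

```python
from collections import OrderedDict


class SynBacklog:
    """Toy model of a server's queue of half-open TCP connections."""

    def __init__(self, capacity, timeout):
        self.capacity = capacity      # max half-open entries held at once
        self.timeout = timeout        # seconds before an unanswered entry is dropped
        self.pending = OrderedDict()  # (src, conn_id) -> time the SYN arrived

    def _expire(self, now):
        # Entries are kept in arrival order, so the oldest is always first.
        while self.pending:
            key, t0 = next(iter(self.pending.items()))
            if now - t0 < self.timeout:
                break
            del self.pending[key]

    def on_syn(self, now, src, conn_id):
        """Return True if the request was queued, False if it was dropped."""
        self._expire(now)
        if len(self.pending) >= self.capacity:
            return False
        self.pending[(src, conn_id)] = now
        return True

    def on_ack(self, now, src, conn_id):
        """Final handshake step frees the slot; True if it matched an entry."""
        self._expire(now)
        return self.pending.pop((src, conn_id), None) is not None


def simulate(capacity=128, timeout=30.0, unanswered_per_sec=10, seconds=60):
    """Each second: unanswered SYNs arrive, then one legitimate client connects."""
    q = SynBacklog(capacity, timeout)
    served = refused = 0
    for t in range(seconds):
        for i in range(unanswered_per_sec):
            q.on_syn(float(t), "198.51.100.7", t * unanswered_per_sec + i)  # never ACKed
        if q.on_syn(t + 0.5, "203.0.113.20", t):
            q.on_ack(t + 0.6, "203.0.113.20", t)  # legitimate client completes
            served += 1
        else:
            refused += 1
    return served, refused
```

With these constructed numbers the queue fills after 12 seconds and every later legitimate client is refused, because abandoned requests arrive faster than the timeout clears them. Running `simulate(timeout=5.0)` keeps the queue below capacity and serves all 60 clients.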

What is important to understand about SYN attacks is that the attacker does not need a very powerful system or a large amount of bandwidth to accomplish an attack. In fact, a typical home PC with a dial-up connection can generate sufficient activity to bring down whole websites. Couple this with the idea of distributed attacks, where malware infects a large number of computers, and it is possible to see how easy it is to cause large problems.

As a result, there is a large body of "best practices" on how to prevent this, including appliances specifically designed to identify and strip out packets in a SYN flooding attack.
