Re: syn flooding attack and bandwidth consumation

["David J. Bianco" <bianco () jlab org>]

On Mon, 2002-11-04 at 04:58, SB CH wrote:
> Hello, all.
>
> As you know, when I received smurf attack which is icmp based attack, the 
> bandwidth is full.
> But when I receive syn flooding attack, the bandwidth is full or not?
> As my test, the syn and ayn+ack packet size is 0.
> So I think that the syn flooding attack has no relations with bandwith 
> based attack? right?

This is basically true.  A SYN flood is an attempt to fill up an
internal table in your host's TCP/IP stack by repeatedly sending
only the first stage of the three stage handshake protocol.  Not only
does this usually consume little bandwidth (these packets are small
and it usually doesn't take many of them), but it's only effective
against a single host.  Other hosts probably continue to share the same
network connection without error.  You might have to worry about
bandwidth if you were on a slow connection, like a dialup modem, but
for DSL, Cable or anything faster, it's probably a non-issue.

        David


-- 
David J. Bianco, GSEC GCUX              <bianco () jlab org>
Thomas Jefferson National Accelerator Facility
GPG Fingerprint:   516A B80D AAB3 1617 A340  227A 723B BFBE B395 33BA

     The views expressed herein are solely those of the author and
            not those of SURA/Jefferson Lab or the US DOE.