Security Basics mailing list archives

RE: syn flooding attack and bandwidth consumation

From: "Benjamin Meade" <ben () lanwest com au>
Date: Tue, 5 Nov 2002 10:11:53 +0800




When a server receives a syn packet on an open port, it sends back a
syn/ack packet, and then allocates a certain amount of server resources
to handle the client request. A syn flood only sends syn packets, and
will not reply with an ack after the server sends back its syn/ack. The
theory behind the attack is to force the server to allocate all its
resources to the bogus requests. It requires relatively few syn packets
to flood the server, and so your bandwidth usually will not be flooded,
just the server. Note that although a syn attack does not *need* to
consume all of your bandwidth to flood your server, there is nothing to
stop overkill on the syn packets flooding your network anyway. 

Benjamin Meade
Systems Administrator
LanWest Pty Ltd

Current thread:

syn flooding attack and bandwidth consumation SB CH (Nov 04)
- Re: syn flooding attack and bandwidth consumation David J. Bianco (Nov 05)
- Re: syn flooding attack and bandwidth consumation hackerwacker (Nov 08)
- Re: syn flooding attack and bandwidth consumation Srecko Jovancevic (Nov 08)
- <Possible follow-ups>
- syn flooding attack and bandwidth consumation charles lindsay (Nov 05)
- RE: syn flooding attack and bandwidth consumation Benjamin Meade (Nov 09)