SYN flood attacks are among the oldest and simplest types of denial-of-service (DoS) attack. Originally used in 1983, SYN flooding is a type of DoS attack that floods a victim's bandwidth with TCP/IP connection requests but never completes them.
What is a SYN Flood?
A SYN flood is a type of DoS attack that floods a victim's bandwidth with TCP/IP connection requests but never completes them. The attacker sends spoofed packets to your IP address from an open port on their computer, attempting to connect. The attacker can then tell whether they have been blocked by looking for traffic coming back from your server that indicates you are not accepting their connection request, or that the request has timed out waiting for a response from your server. They repeat this process over and over until all available ports on the target machine are taken up doing nothing but trying to communicate with the attacker's computer.
This type of attack is very easy for attackers because it does not require any significant investment of time or money. The advanced hacking techniques required by web application attacks are replaced with a simple tool that can be downloaded and executed within minutes, making this one of the most common types of DoS attack seen on websites today. A SYN flood may seem harmless at first; however, if an attacker floods your server enough times, they will eventually consume all available bandwidth, causing you to lose customers due to website downtime and leaving you susceptible to other security issues such as data theft.
How to prevent a SYN Flood attack?
There are a couple of ways to help prevent SYN flood attacks.
One way is to allow through to your server only traffic that you know and trust, or traffic from an IP address with which you have a previous relationship, such as another website within your company's network.
Another option is to secure the Transmission Control Protocol (TCP), which can be done by implementing filtering devices on both ends of the data transmission path. Filtering devices provide protection against most DoS attacks, including SYN flooding, because they limit access to networks and individual servers based upon specific criteria set up in advance by administrators.
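One criterion an administrator can feed into such filtering is the number of connection requests that were never completed. The following is an added example, not code from the original article: it parses a constructed sample in the column layout of Linux `ss -tan` output and flags listening ports where half-open (`SYN-RECV`) connections pile up. The function names and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample in the column layout of `ss -tan` on Linux.
# All addresses come from the documentation ranges (RFC 5737).
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN    0      128    0.0.0.0:443        0.0.0.0:*
ESTAB     0      0      203.0.113.10:443   192.0.2.55:51514
SYN-RECV  0      0      203.0.113.10:443   198.51.100.7:40112
SYN-RECV  0      0      203.0.113.10:443   198.51.100.19:1027
SYN-RECV  0      0      203.0.113.10:443   198.51.100.201:61000
SYN-RECV  0      0      203.0.113.10:443   198.51.100.88:33333
SYN-RECV  0      0      203.0.113.10:22    192.0.2.9:50000
ESTAB     0      0      203.0.113.10:22    192.0.2.9:50002
"""

def half_open_by_port(ss_output):
    """Count half-open and established connections per local port."""
    stats = defaultdict(lambda: {"half_open": 0, "established": 0, "sources": set()})
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("SYN-RECV", "ESTAB"):
            continue  # skips the header, LISTEN sockets and other states
        local, peer = fields[3], fields[4]
        port = int(local.rsplit(":", 1)[1])  # rsplit keeps IPv6 addresses intact
        if fields[0] == "SYN-RECV":
            stats[port]["half_open"] += 1
            stats[port]["sources"].add(peer.rsplit(":", 1)[0])
        else:
            stats[port]["established"] += 1
    return dict(stats)

def flag_ports(stats, min_half_open=3, ratio=2.0):
    """Return ports whose half-open count is high and dominates completed ones."""
    # Thresholds are illustrative assumptions; tune them to the server's baseline.
    flagged = []
    for port, s in sorted(stats.items()):
        if s["half_open"] >= min_half_open and s["half_open"] >= ratio * max(s["established"], 1):
            flagged.append(port)
    return flagged

if __name__ == "__main__":
    stats = half_open_by_port(SAMPLE_SS_OUTPUT)
    for port in flag_ports(stats):
        s = stats[port]
        print(f"port {port}: {s['half_open']} half-open from "
              f"{len(s['sources'])} sources, {s['established']} established")
```

Counting per listening port rather than per source address matters here because the source addresses are spoofed, so each half-open entry may show a different peer.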