Basic HTML version of Foils prepared May 19 99

Foil 12 Denial of Service Attacks (2)

From Computer Crimes: Examples of Network Security attacks Tango Group Internal Technology Seminars -- April 23 99. by Roman Markowski
1 SYN Flood
  • SynFloods (Fall 1996) and Shake The Net ( 1997)
  • TCP is subject to SynFlood
  • TCP based on 3-way handshake (ISN - initial sequence number)
    • A ------SYN(A,ISNa)----------------- ------>B
    • A <----ACK(A,ISNa),SYN(B,ISNb)------- B
    • A ------ACK(B,ISNb)------------------------>B
  • Systems must allocate resources for each SYN to come in
  • Attacker sends several SYN packets to a victim from a spoofed (fake), unanswering machine SYN(X,ISNx). Connection cannot be ACK and waits for timeout. The queue will fill up and the machine is going down or does not serve more requests. Some systems (IRIX 5.3, SunOS 4.1.3 allow for 8 simultaneous connections; timeout=several minutes)
in Table To:

© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu

If you have any comments about this server, send e-mail to webmaster@npac.syr.edu.

Page produced by wwwfoil on Mon Aug 16 1999