Denial of Service Attacks (2)

• SYN Flood

  • SynFloods (Fall 1996) and Shake The Net ( 1997)
  • TCP is subject to SynFlood
  • 3-way handshake (ISN - initial sequence number)
    • A ------SYN(A,ISNa)----------------- ------>B
    • A <----ACK(A,ISNa),SYN(B,ISNb)------- B
    • A ------ACK(B,ISNb)------------------------>B
  • Systems must allocate resources for each SYN to come in
  • Attacker sends several SYN packets to a victim from a spoofed (fake), unanswering machine SYN(X,ISNx). Connection cannot be ACK and waits for timeout. The queue will fill up and the machine is going down or does not serve more requests. Some systems (IRIX 5.3, SunOS 4.1.3 allow for 8 simultaneous connections)

Previous slide

Next slide

Back to first slide

View graphic version