Skip to main content


Home SYN flood

SYN flood

(also TCP SYN flood)

SYN flood definition

A SYN flood, or TCP SYN flood, is a type of denial-of-service (DoS) attack that exploits part of the standard TCP/IP handshake process to overwhelm the targeted server's resources, rendering it unresponsive. The attacker sends multiple SYN (synchronization) packets to a target, each appearing to originate from a different IP address. The target server, acknowledging each request, waits for the corresponding ACK (acknowledgment) responses that never arrive, consuming resources and potentially causing a denial of service.

See also: VPN firewall, brute-force attack, firewall, TCP handshake

SYN flood examples

  • Distributed denial-of-service (DDoS) attacks: Attackers may utilize a SYN flood as part of a larger DDoS attack to bring down a website or online service.
  • Network disruption: Cybercriminals could employ SYN floods to disrupt a network, causing business operations to halt.

Defending against SYN floods

  • Use SYN cookies: This technique eliminates the need for a server to keep track of half-open connections, reducing the impact of a SYN flood.
  • Deploy firewall rules: A well-configured firewall can detect and mitigate SYN floods.
  • Use a VPN: A virtual private network can add an extra layer of security and make it more difficult for an attacker to target a specific IP address.