SYN flood
SYN flood
(also TCP SYN flood)
SYN flood definition
A SYN flood, or TCP SYN flood, is a type of denial-of-service (DoS) attack that exploits part of the standard TCP/IP handshake process to overwhelm the targeted server’s resources, rendering it unresponsive. The attacker sends multiple SYN (synchronization) packets to a target, each appearing to originate from a different IP address. The target server, acknowledging each request, waits for the corresponding ACK (acknowledgment) responses that never arrive, consuming resources and potentially causing a denial of service.
See also: VPN firewall, brute-force attack, firewall, TCP handshake
SYN flood examples
- Distributed denial-of-service (DDoS) attacks: Attackers may utilize a SYN flood as part of a larger DDoS attack to bring down a website or online service.
- Network disruption: Cybercriminals could employ SYN floods to disrupt a network, causing business operations to halt.
Defending against SYN floods
- Use SYN cookies: This technique eliminates the need for a server to keep track of half-open connections, reducing the impact of a SYN flood.
- Deploy firewall rules: A well-configured firewall can detect and mitigate SYN floods.
- Use a VPN: A virtual private network can add an extra layer of security and make it more difficult for an attacker to target a specific IP address.