SYN Attack



SYN Attack (SYN Flood) is a Denial of Service (DoS) attack where a large number of SYN (Synchronize) requests are sent to a target computer in an attempt to exhaust its resources and disrupt its normal operations.

What does SYN Attack mean?

A SYN attack, short for “SYN flood attack,” is a type of cyberattack that attempts to exhaust resources on a targeted computer or network by flooding it with a large number of SYN (synchronization) packets. In a SYN attack, the attacker sends an initial SYN packet to a target, which initiates the three-way handshake used to establish a TCP connection. However, the attacker does not complete the handshake, leaving the targeted system with a large number of half-open connections. These half-open connections consume resources, eventually causing the system to slow down or crash.

The three-way handshake in TCP is a series of messages exchanged between a client and a server to establish a connection. It consists of three steps:

  1. The client sends a SYN packet to the server, requesting a connection.
  2. The server responds with a SYN-ACK (synchronize-acknowledge) packet, acknowledging the client’s request.
  3. The client responds with an ACK packet, acknowledging the server’s SYN-ACK packet.

In a SYN attack, the attacker sends a large number of SYN packets to the target but never completes the handshake by sending the final ACK packet. As a result, the targeted system is left with a pool of half-open connections in its queue, consuming resources and slowing down the system.
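The half-open connections described above can be counted on the server side. The following is an added example, not part of the original page: it reads a table in the Linux /proc/net/tcp layout, where state 03 means SYN_RECV (SYN received, final ACK not yet seen), and reports local ports with an unusual number of such entries. The sample rows, the addresses and the threshold of 20 are constructed for illustration.

```python
import socket
import struct
from collections import Counter

SYN_RECV = 0x03  # Linux TCP state code: SYN received, final ACK still missing

def decode(addr):
    """Turn '0100007F:0050' (/proc/net/tcp hex form) into ('127.0.0.1', 80)."""
    ip_hex, port_hex = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))  # little-endian IPv4
    return ip, int(port_hex, 16)

def half_open_by_port(proc_net_tcp):
    """Count half-open (SYN_RECV) sockets per local port."""
    counts = Counter()
    for line in proc_net_tcp.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue                             # ignore blank or damaged rows
        if int(fields[3], 16) == SYN_RECV:       # column 4 is the state, in hex
            counts[decode(fields[1])[1]] += 1    # column 2 is the local address
    return counts

def flooded_ports(proc_net_tcp, threshold):
    """Ports whose half-open count reaches the alert threshold (assumed value)."""
    return {p: n for p, n in half_open_by_port(proc_net_tcp).items() if n >= threshold}

def build_sample():
    """Constructed table, cut to the first four columns of the real layout."""
    rows = ["  sl  local_address rem_address   st"]
    rows.append("   0: 0A00000A:0050 00000000:0000 0A")   # LISTEN on 10.0.0.10:80
    rows.append("   1: 0A00000A:0050 0500000A:C001 01")   # ESTABLISHED on port 80
    rows.append("   2: 0A00000A:01BB 0600000A:C002 01")   # ESTABLISHED on port 443
    rows.append("   3: 0A00000A:01BB 0700000A:C003 03")   # one half-open on 443
    for i in range(40):                                    # 40 half-open on port 80
        rows.append(f"{i + 4:4d}: 0A00000A:0050 {i + 1:02X}7100CB:{0x9000 + i:04X} 03")
    return "\n".join(rows)

if __name__ == "__main__":
    print(flooded_ports(build_sample(), threshold=20))
```

On a Linux host, the contents of /proc/net/tcp can be passed in place of the constructed sample, since the parser only reads the local address and state columns.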

Applications

SYN attacks are primarily used for denial-of-service (DoS) attacks, where the goal is to disrupt or crash a target computer or network. By flooding the target with a large number of SYN packets, attackers can quickly exhaust the system’s resources, causing it to slow down or become unresponsive. This can disrupt critical services, such as websites, email, or online banking, and can cause significant financial losses or reputational damage for organizations.

History

SYN attacks have been around for several decades, since the early days of the internet. The first known SYN attack was documented in 1996, and the technique has been used in numerous high-profile cyberattacks over the years. In 2016, for example, a series of SYN attacks targeted major websites and online services, including Amazon, PayPal, and GitHub, disrupting their services for several hours.

Over the years, attackers have developed increasingly sophisticated methods for launching SYN attacks, including using botnets to amplify the number of packets sent to a target. To combat SYN attacks, organizations have implemented various countermeasures, such as SYN cookies, SYN rate limiting, and SYN proxy servers. These measures can help mitigate the impact of SYN attacks, but cannot completely eliminate them.