
We Suffered A ‘SYN’ Attack Tonight


What is a SYN attack or flood?

A. The SYN (TCP connection request) attack is a common denial of service (DoS) technique characterized by the following pattern:

  1. Using a spoofed IP address not in use on the Internet, an attacker sends multiple SYN packets to the target machine.
  2. For each SYN packet received, the target machine allocates resources and sends an acknowledgement (SYN-ACK) to the source IP address.
  3. Because the target machine doesn’t receive a response from the attacking machine, it attempts to resend the SYN-ACK five times, at 3-, 6-, 12-, 24-, and 48-second intervals, before deallocating the resources 96 seconds after the last retry. Added together (3 + 6 + 12 + 24 + 48 + 96 = 189 seconds), the target machine holds resources for more than 3 minutes in response to just one SYN packet.

When an attacker uses this technique repeatedly, the target machine eventually runs out of resources and is unable to handle any more connections, thereby denying service to legitimate users.
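To check a server for this pattern, the following added example (not part of the original post) computes how long one unanswered SYN stays allocated under the retry schedule above and counts half-open connections per local port in `netstat -an` output. The function names, the threshold, and the sample lines (documentation-range addresses) are constructed for illustration.

```python
from collections import Counter

HALF_OPEN = {"SYN_RECV", "SYN_RECEIVED"}  # Linux / Windows netstat state names

def hold_time(retries=5, first_interval=3):
    """Seconds one unanswered SYN keeps a half-open entry allocated.

    Assumption: the interval doubles on every retry and the final wait
    before release is one more doubling, as in the schedule above.
    """
    return sum(first_interval * 2**i for i in range(retries + 1))

def half_open_by_port(netstat_text):
    """Count half-open TCP connections per local port."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue  # header, UDP or blank line
        if fields[-1].upper() in HALF_OPEN:
            # Linux rows carry Recv-Q/Send-Q columns before the local address.
            local = fields[3] if fields[1].isdigit() else fields[1]
            counts[local.rsplit(":", 1)[-1]] += 1
    return counts

def flag_ports(netstat_text, threshold):
    """Local ports whose half-open count is at or above the threshold."""
    counts = half_open_by_port(netstat_text)
    return sorted(port for port, n in counts.items() if n >= threshold)

# Constructed sample: three Linux-style rows, one established, one Windows-style row.
SAMPLE = """\
tcp        0      0 192.0.2.10:80    203.0.113.5:1025   SYN_RECV
tcp        0      0 192.0.2.10:80    203.0.113.6:1026   SYN_RECV
tcp        0      0 192.0.2.10:80    203.0.113.7:1027   SYN_RECV
tcp        0      0 192.0.2.10:80    198.51.100.9:51514 ESTABLISHED
  TCP    192.0.2.10:25    203.0.113.8:1028   SYN_RECEIVED
"""

if __name__ == "__main__":
    print("hold time per unanswered SYN:", hold_time(), "seconds")
    print("half-open per port:", dict(half_open_by_port(SAMPLE)))
    print("ports over threshold 3:", flag_ports(SAMPLE, 3))
```

A half-open count that stays high across samples taken further apart than the hold time points to a continuing stream of unanswered SYNs rather than a brief burst.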

Also, what is a SYN Flood?

Look here:

http://en.wikipedia.org/wiki/SYN_flood

