Newsflash
|
After the good job that we have done with this site in the past 2 months, we have decided to sell onemileaway.com and all its content. At this moment the website produces several unique visitors per month, and has an Alexa rank of 1,069,434 . The traffic is still increasing everyday due to the SEO-strategies we have applied. This is an excellent opportunity for everybody who would buy a site already launched. The price is only 20.000$ and it is negotiable. Email us if you are interested. Thanks. |
| SYN Flood: definition and defense |
|
|
|
| Written by cecco | |
| Tuesday, 22 January 2008 | |
|
This is a kind of Denial Of Service attack which involves TCP/IP three way handshake. An attacker (A) begins a connection with a victim (B) by sending a SYN packet with the return address set to an unreachable host (C). Since the operating system of the victim allocates a chunk of memory for the half open connection with C, then if the attacker sends lots of SYN packet with different return addresses it will exhausts the memory of the victim’s operating system. So any further legitimate requests to establish a connection to the victim host will not be served because the victim has a full queue connection. The key point here is that the attacker sets return addresses of each SYN packet with an ip of an unreachable hosts, which forces the victim’s operating system to keep the connection half open until (a usually long) timeout occurs.
There are some possible defenses against this DoS. If the attacker sends SYN packets from a single host then you could use a packet filtering firewall, implementing a rule which forbids any traffic received from the attacker’s ip. Anyway, this is not practicable when the attacker uses many different source hosts. In this case you can use the SYN cookies technique, which eliminates the connection queue at the operating system level. |
| < Prev | Next > |
|---|
