Menu

SYN Flood Attack

SYN Flood Attack

A SYN attack (or SYN flood) in cybersecurity is a type of DDoS attack that overwhelms a server by exploiting the TCP 3-way handshake: attackers send numerous initial connection requests (SYN packets) but never complete the handshake (with the final ACK), leaving the server with many half-open connections that exhaust its resources, making it unresponsive to legitimate users. This denial-of-service leaves the server unable to handle new connections, causing sluggishness or complete unavailability. 

 

How it Works (The TCP Handshake & Attack)

    1. Normal TCP Handshake:
      • Client sends a SYN (synchronize) packet to the server.
      • Server replies with a SYN-ACK (synchronize-acknowledge) packet.
      • Client sends an 
        ACK
         (acknowledgment) packet, completing the connection
        .
  • SYN Flood Attack:
    • Attacker sends a flood of SYN packets, often with spoofed (fake) source IP addresses.
    • The server responds with SYN-ACK for each, but since the source IP is fake, the final ACK never arrives.
    • The server keeps these “half-open” connections waiting, consuming memory and port resources.
    • Eventually, all available connection resources are used up, blocking legitimate users from connecting. 

Key Characteristics & Impact

  • Resource Exhaustion: Ties up server memory, CPU, and connection tables.
  • Service Disruption: Makes web servers, email servers, and other TCP-based services unavailable.
  • Difficulty in Tracing: Spoofed IPs make it harder to find the real attacker.
  • “Half-Open Attack”: A common name due to the incomplete connections left open. 

Mitigation Techniques

Some of the mitigation techniques are as follows:

  • SYN Cookies: A method to verify connections without storing state for half-open connections.
  • Firewalls & Intrusion Prevention Systems (IPS): Can detect and block suspicious SYN traffic.
  • Rate Limiting: Restricting the number of connection requests from a single source.
  • DDoS Protection Services: Cloud-based solutions that absorb and filter attack traffic. 

Related Posts

ISTQB Certified Tester AI Testing

ISTQB Certified Tester AI Testing Software Testing is an essential part of building reliable applications, and as Artificial Intelligence (AI) becomes more common in modern software systems, the need for specialized AI Testing has grown. The ISTQB Certified Tester AI Testing certification is a professional qualification designed to equip testers with the knowledge and skills […]

Quality Assurance Audit

A Quality Assurance Audit( QA Audit ) is a systematic and comprehensive examination of an organization’s processes, procedures, and systems to ensure they conform to established

AI and Machine Learning in Testing

AI and Machine Learning in Testing Artificial Intelligence (AI) and Machine Learning (ML) are transforming software testing by introducing predictive capabilities and smarter test automation tools. These technologies can analyze vast amounts of data to identify patterns, helping testers anticipate potential issues before they occur. Predictive Analytics in Testing Predictive analytics uses historical data and […]