What is a SYN Attack?
SYN AttacksThese attacks are a very common type of DDoS attack. The SYN-packet ties up a small amount of memory on the target's computer or network device.This is also known as a half open connection where the connection is not fully established since its still waiting for the fill handshake to occur.These half open connections can eventually exhaust the resources on the device. This will eventually leading to a crash.
MitigationTo mitigate this type of attack you can rate limit SYN-traffic per source also you can use mechanisms such as MOD Evasive fro Apache servers to protect web servers.For your Anti DDoS solution you may need to tweak settings if you are using NAT as its not unusual to see many SYN-packets going to the single NAT address.See the below video:Follow or email me: www.seanmancini.com - firstname.lastname@example.org
Do you like to write about your infosec knowledge, skills, opinions, or exploits?
Publish your original research, tutorials, articles, or other written content on Cybray's blog to be seen by thousands of infosec readers daily!