惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Fortinet All Blogs
宝玉的分享
宝玉的分享
酷 壳 – CoolShell
酷 壳 – CoolShell
T
The Exploit Database - CXSecurity.com
Help Net Security
Help Net Security
腾讯CDC
Project Zero
Project Zero
C
CXSECURITY Database RSS Feed - CXSecurity.com
IT之家
IT之家
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tailwind CSS Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
LINUX DO - 最新话题
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Threatpost
N
News | PayPal Newsroom
C
Cybersecurity and Infrastructure Security Agency CISA
Hacker News - Newest:
Hacker News - Newest: "LLM"
S
SegmentFault 最新的问题
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
P
Proofpoint News Feed
A
Arctic Wolf
B
Blog RSS Feed
Forbes - Security
Forbes - Security
P
Privacy & Cybersecurity Law Blog
Attack and Defense Labs
Attack and Defense Labs
V2EX - 技术
V2EX - 技术
P
Proofpoint News Feed
I
Intezer
Application and Cybersecurity Blog
Application and Cybersecurity Blog
阮一峰的网络日志
阮一峰的网络日志
aimingoo的专栏
aimingoo的专栏
T
Tenable Blog
MyScale Blog
MyScale Blog
U
Unit 42
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
WordPress大学
WordPress大学
W
WeLiveSecurity
D
DataBreaches.Net
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
G
GRAHAM CLULEY
有赞技术团队
有赞技术团队
Martin Fowler
Martin Fowler
罗磊的独立博客
The Last Watchdog
The Last Watchdog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
Vulnerabilities – Threatpost
美团技术团队
Microsoft Security Blog
Microsoft Security Blog

Comments for Cyber Security News

10 Dangerous DNS Attacks Types & Prevention Measures - 2026 10 Dangerous DNS Attacks Types & Prevention Measures - 2026 10 Best Vulnerability Assessment and Penetration Testing (VAPT) Tools in 2026 10 Best Vulnerability Assessment and Penetration Testing (VAPT) Tools in 2026 Top 10 Best Google Alternatives In 2026 Top 10 Best Google Alternatives In 2026 What is SYN Attack? How Does the Attack Works ? What is the Difference Between Authentication vs Authorization? What is the Difference Between Authentication vs Authorization? Comment on SOC1 vs SOC2 – Cyber Threat Intelligence Guide by jo3 Data Encryption: Why Is It So Important? Data Encryption: Why Is It So Important? Unprotected US Critical Infrastructure Can be Hacked By Anyone - A Shocking Report Vulnerability in Million Times Downloaded iPhone app Let Attacker Listen to any User's Call Recording Vulnerability in Million Times Downloaded iPhone app Let Attacker Listen to any User's Call Recording FBI Could use a Tool to Access Private Signal Messages on iPhones FBI Could use a Tool to Access Private Signal Messages on iPhones GDPR & HIPAA Compliance - Key Similarities and Differences in the Compliance Requirements Unprotected US Critical Infrastructure Can be Hacked By Anyone - A Shocking Report
What is SYN Attack? How Does the Attack Works ?
Cyber Writes Team · 2023-06-11 · via Comments for Cyber Security News

TCP SYN Flood attacks are the most popular ones among DDOS attacks. Here we will discuss, in detail, the basis of the TCP SYN attack and to stop it before it reaches those servers.

It’s been more than two decades since the first DDOS attack was attempted at the University of Minnesota, knocking it down for two days. A lot followed that, including one of the biggest in the history of DDOS, which was against Github and involved a 1.35 TBps attack against the site.

DOS attacks pose severe threats to servers and websites by flooding the targeted servers with bogus traffic, denying legitimate traffic access.

How the SYN Attack Works

TCP SYN attack is one of the most popular DDOS attacks, which target the hosts that run TCP processes and exploit the normal TCP three-way handshake process. 

In a normal TCP scenario, communication between the client and server begins after establishing a virtual connection. The client initiates a connection by sending SYN requests to Server, and Server then responds back by sending SYN/ACK.

This SYN/ACK is an acknowledgment of the initial SYN request from the client. The client responds by ACK packet, completing the connection to start communication.

In a DDOS environment, a malicious actor spoofs the Client and sends excessive SYN requests from random IP addresses to the targeted server.

The server, assuming it to be legitimate requests responds with SYN/ACK, but never receives a final ACK back, thus tying up the Server’s resources with half-open TCP sessions which eventually leads to denying the legitimate connection requests.

How SYN Attack Works

How to Prevent SYN Flood Attack

SYN Cookies

Unlike normal TCP handshakes, it works by avoiding the need to maintain a state table for all TCP half-open connections. This method employs the use of cryptographic hashing. The server crafts the ISN (Initial Sequence Number) along with the initial SYN-ACK flood sent to the client.

This ISN is calculated based on Source IP, Destination IP, port numbers, and a secret number. When the server receives ACK from the Client, it validates it for its legitimacy by checking if the incremented ISN matches and then allocating memory for the connection.

Increasing Backlog Queue

Each Operating System allocates memory to half-open connections and there is a limit to the number of these connections it can hold. Once that limit is achieved, it starts dropping off the connection.

In the case of the SYN attack, the limit of the backlog can be increased and would prevent the dropping of legitimate connections.

Firewall Filtering

Firewall filtering can be enabled on the firewall to detect and prevent these SYN attacks. For example, the source threshold can be changed. In this case, a particular threshold can be set up before the firewall drops connections from one source.

It is important to note that, unlike other attacks, SYN attack doesn’t require robust systems; all the attacker need is a PC with a dial-up connection to launch high-impact attacks.

Related Read

Cyber Writes Team

Cyber Writes Teamhttps://www.cyberwrites.com

Work done by a Team Of Security Experts from Cyber Writes (www.cyberwrites.com) - World’s First Dedicated Content-as-a-Service (CaaS) Platform for Cybersecurity. For Exclusive Cyber Security Contents, Reach at: business@cyberwrites.com