What is SYN Flooding?

By G. Wiesen
Updated: May 17, 2024

SYN flooding is a form of denial-of-service attack that can be launched against a computer server to overwhelm it and keep other users from accessing it. It is a somewhat older form of attack and was quite popular for a time because of the relatively low resources needed to launch it. The attack abuses the way users connect to a server through the Transmission Control Protocol (TCP) in order to use up all of the system's resources. A number of different solutions have since been devised to reduce or eliminate its effectiveness on modern servers.

The basic idea behind SYN flooding utilizes the way in which users connect to servers through TCP connections. TCP uses a system called a three-way handshake that begins with a user sending a “synchronize” or SYN message to the server. The server then receives the message and sends back a “synchronize acknowledged” or SYN-ACK message to the user. Once the user’s system receives this message, a final “acknowledge” or ACK message is sent by the user to the server to establish the connection. This basic process takes place fairly quickly and ensures that both ends of the connection are synchronized.

A SYN flooding attack, however, uses this three-way handshake to tie up resources within the server, thereby preventing others from accessing the system. The SYN flooding attack begins with a SYN message sent to the server, which replies with the standard SYN-ACK response. This message goes unanswered, however, through one of several methods that result in no final ACK message being sent to the server. At this point, the server leaves resources committed to waiting for the ACK message, in case network congestion is the cause of the lack of response.

Servers only have limited resources for handling three-way handshakes, however, and many servers are designed to only handle eight such processes at a time. SYN flooding consists of eight or more SYN messages sent without the corresponding ACK message afterward, leaving all of the server’s resources committed to waiting for a response that will never come. As long as it is waiting for these messages, no other users can connect to the server. While many servers were designed to empty the queue for responses after three minutes, someone launching a SYN attack could simply resubmit eight SYN messages every three minutes to keep the system locked up indefinitely.

A number of different solutions for these types of attacks have been found, and so SYN flooding is often less successful than it was in the past. One common solution uses “SYN cookies” to allow a system to purge its queue when eight requests have been reached, so that new users can still send requests to connect to the server. If the ACK for one of the older, purged requests finally comes in, the cookies ensure that it is properly recognized as a valid ACK message and that the user is allowed to connect to the server.
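The following Python model is an added example, not part of the original article. It simulates the eight-slot queue and three-minute timeout described above and shows how a SYN cookie lets the server recognize a final ACK without having stored the handshake. The names (`Listener`, `cookie`, `simulate`), the 64-second cookie time slot and the sample addresses are assumptions, and the cookie is simplified (real implementations also encode values such as the MSS).

```python
import hashlib
import hmac
import struct

BACKLOG = 8      # half-open slots, the figure the article uses
TIMEOUT = 180    # seconds a half-open entry is kept (three minutes)
SECRET = b"constructed-demo-key"  # constructed for this example

def cookie(client, client_isn, slot):
    """32-bit server sequence number derived from the connection, not stored."""
    msg = client.encode() + struct.pack("!Iq", client_isn, slot)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")

class Listener:
    def __init__(self, syn_cookies):
        self.syn_cookies = syn_cookies
        self.half_open = {}  # client -> (server_isn, arrival time)

    def on_syn(self, client, client_isn, now):
        """Return the sequence number for the SYN-ACK, or None if the SYN is dropped."""
        self.half_open = {c: v for c, v in self.half_open.items()
                          if now - v[1] < TIMEOUT}
        isn = cookie(client, client_isn, now // 64)
        if len(self.half_open) < BACKLOG:
            self.half_open[client] = (isn, now)   # normal path: remember the handshake
            return isn
        return isn if self.syn_cookies else None  # full queue: stateless reply or drop

    def on_ack(self, client, client_isn, ack, now):
        """Accept the final ACK if it acknowledges a sequence number we issued."""
        entry = self.half_open.pop(client, None)
        if entry and ack == (entry[0] + 1) % 2**32:
            return True
        if not self.syn_cookies:
            return False
        # No stored state: recompute the cookie for the current and previous slot.
        slots = (now // 64, now // 64 - 1)
        return any(ack == (cookie(client, client_isn, s) + 1) % 2**32 for s in slots)

def simulate(syn_cookies, user_arrives=10):
    """Eight handshakes are left unfinished at t=0, then one real client connects."""
    srv = Listener(syn_cookies)
    for i in range(BACKLOG):
        srv.on_syn(f"192.0.2.{i}:4000", 1000 + i, now=0)  # constructed sample peers
    user = "198.51.100.7:5000"
    synack = srv.on_syn(user, 42, now=user_arrives)
    if synack is None:
        return False
    return srv.on_ack(user, 42, (synack + 1) % 2**32, now=user_arrives + 1)
```

Without cookies the legitimate client is refused until the three-minute timeout empties the queue; with cookies it connects immediately, and an ACK carrying a wrong or stale number is still rejected.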
