In a SYN Flood Attack an attacker sends SYN packets at a high rate to a server w

Question

In a SYN Flood Attack an attacker sends SYN packets at a high rate to a server without every completing the third handshake (the final client to server ACK the finalizes a connection). The server allocates resources (to store connection state information) for each received SYN and exhausts it connection resources preventing valid connections from being made. The SYN cookie approach (RFC 4987) is an effective defense against SYN Flood Attacks because the server does not need to allocate resources on a received SYN. For the standard TCP handshake (i.e., not using SYN cookies), exactly what state must be stored on the receipt of a SYN?

Explanation / Answer

Ans:

SYN queue is the list of connections in the connection table that are in the SYN-RECEIVED state. Connections in the SYN-RECEIVED state are considered Half-Open and are waiting for an ACK from the user. When the maximum number of connections is established, the SYN queue is full and other legitimate connections are not allowed.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.