Synchronization Acknowledgement (SYN) Network Attack


A SYN attack, short for Synchronize Flood Attack, is a type of DoS attack. The SYN itself is used to establish communication between two devices over the Transmission Control Protocol and Internet Protocol (TCP/IP). As the name suggests, it is the process of two systems synchronizing and finding a common ground for communication.

A SYN request is sent by one device to another, which responds with a SYN-ACK (Synchronization Acknowledgement). In the attack, the sender sends a high number of requests but never follows them with the ACK. This results in half-open connections (from which another name for this attack, the half-open attack, is derived): the server is not able to establish a connection, and the receiver is left waiting for it.

Consequences of this are the following:

• Until an ACK is received, the system is programmed to wait with the connection half-open, because the delay could also be caused by congestion in the network, which is not unusual. Receiving the ACK would complete the TCP three-way handshake.

• Meanwhile, the requests keep piling up, flooding the system with traffic and consuming bandwidth, server resources, etc.

• A large bandwidth will support a heavy traffic flow, but sooner or later it will be blocked. To prevent that, either a connection needs to be made or the incoming SYN requests need to stop. There is a difference between SYN-ACK and ACK: when the sender, usually called the client, sends a SYN request, it is a message requesting a connection, and the positive response from the server, or receiver, comes in the form of a SYN-ACK.

To complete the procedure of establishing a connection, the client needs to send an ACK. Failing to do so starts the process of a denial of service (DoS) attack, because services are being denied. This last step determines whether a connection will be made between the devices or whether the purpose is a malicious attack. If it is an attack, the client can also send a false Internet Protocol (IP) address along with the SYN request in the first place.

A false IP address will not respond with an ACK. One of the most effective ways to stop a SYN attack is for the server to first send an invalid SYN-ACK to make sure the request from the client is legitimate. Other ways include setting a time limit for closing half-open connections, or adding a function that drops incoming requests if there is already a half-open connection in the server.
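The last two mitigations above, a time limit on half-open connections and dropping a SYN whose source already has one, can be compared in a small model of the server's connection table. This is an added example, not code from the original page; the SynBacklog class, the capacity of 8 and the traffic (documentation-range addresses) are constructed for illustration.

```python
class SynBacklog:
    """Toy model of a server's table of half-open connections (SYN seen, ACK pending)."""

    def __init__(self, capacity, timeout=None, one_per_source=False):
        self.capacity = capacity              # half-open entries the server can hold
        self.timeout = timeout                # seconds until a half-open entry is closed; None = wait forever
        self.one_per_source = one_per_source  # drop a SYN when its source already has a half-open entry
        self.half_open = {}                   # (src_ip, src_port) -> arrival time of the SYN
        self.dropped = 0

    def _expire(self, now):
        if self.timeout is not None:
            self.half_open = {k: t for k, t in self.half_open.items()
                              if now - t < self.timeout}

    def on_syn(self, now, src_ip, src_port):
        """Return True when the SYN is stored and a SYN-ACK would be sent."""
        self._expire(now)
        duplicate = self.one_per_source and any(ip == src_ip for ip, _ in self.half_open)
        if duplicate or len(self.half_open) >= self.capacity:
            self.dropped += 1
            return False
        self.half_open[(src_ip, src_port)] = now
        return True

    def on_ack(self, now, src_ip, src_port):
        """Return True when the ACK completes a pending handshake."""
        self._expire(now)
        return self.half_open.pop((src_ip, src_port), None) is not None


def client_connects(backlog, syn_sources):
    """Replay unanswered SYNs, then a legitimate handshake at t=5 s."""
    for i, src_ip in enumerate(syn_sources):
        backlog.on_syn(i * 0.1, src_ip, 40000 + i)    # the ACK never follows
    ok = backlog.on_syn(5.0, "192.0.2.10", 51000)
    return ok and backlog.on_ack(5.1, "192.0.2.10", 51000)


# Constructed traffic: 20 SYNs from one address, and 20 SYNs from 20 different (false) addresses.
SAME_SOURCE = ["198.51.100.7"] * 20
MANY_SOURCES = [f"203.0.113.{i}" for i in range(1, 21)]

if __name__ == "__main__":
    for name, kw in [("no mitigation", {}), ("3 s timeout", {"timeout": 3}),
                     ("one half-open per source", {"one_per_source": True})]:
        print(name, client_connects(SynBacklog(8, **kw), SAME_SOURCE),
              client_connects(SynBacklog(8, **kw), MANY_SOURCES))
```

In this model the time limit lets the legitimate client connect in both cases, while the one-per-source rule only helps when the unanswered SYNs share a source address.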
