Syn flood檢視原始碼討論檢視歷史

The Syn flood uses the three-time handshake mechanism of TCP. The attacker sends a request to the attacked end using the forged IP address, and the response message sent by the attacked end will never be sent to the destination. Then the attacked end consumes resources while waiting for the connection to be closed. If there are thousands of such connections, the host resources will be exhausted, so as to achieve the purpose of the attack. TCP Syn flood occurs in the fourth layer of OSI. This method uses the characteristics of TCP protocol, that is, triple handshake. The attacker sends TCP syn, which is the first packet in the three TCP handshakes. When the server returns an ACK, the attacker does not reconfirm it. Then the TCP connection is in the suspended state, that is, the so-called semi connected state. If the server does not receive the reconfirmation, it will repeatedly send an ack to the attacker. This will even waste the resources of the server. The attacker sends a large number of such TCP connections to the server. Since each TCP connection cannot complete three handshakes, these TCP connections on the server will consume CPU and memory because of the suspended state. Finally, the server may crash and cannot provide services to normal users.