What does a Synchronous (SYN) flood attack do?

A. Forces Transmission Control Protocol/Internet Protocol (TCP/IP) connections into a reset state
B. Establishes many new Transmission Control Protocol/Internet Protocol (TCP/IP) connections
C. Empties the queue of pending Transmission Control Protocol/Internet Protocol (TCP/IP) requests
D. Exceeds the limits for new Transmission Control Protocol/Internet Protocol (TCP/IP) connections


7 thoughts on “What does a Synchronous (SYN) flood attack do?”

  1. It is D

    CBK 5th edition:

    SYN flooding is a form of denial-of-service (DoS) attack, exploiting properties of TCP at the transport layer (layer 4). TCP initiates a connection by sending a SYN packet, which when received and accepted is replied to with a SYN-ACK packet. The SYN flooding DoS attack is executed by sending massive amounts of those SYN packets. The SYN packets accumulate at the recipient system, and the software crashes because it cannot handle the overflow.

    The attacker attempts to consume enough server resources to make the system unresponsive to legitimate traffic. Some refer to this attack as the half-open attack because of the partial three-way TCP/IP handshake that underlies the attack.

    Eventually, given enough connection attempts, the capacity of the network card and stack to maintain open connections is exhausted.

    1. Wikipedia:

      A SYN flood attack works by not responding to the server with the expected ACK code. The malicious client can either simply not send the expected ACK, or by spoofing the source IP address in the SYN, cause the server to send the SYN-ACK to a falsified IP address – which will not send an ACK because it “knows” that it never sent a SYN.

      The server will wait for the acknowledgement for some time, as simple network congestion could also be the cause of the missing ACK. However, in an attack, the half-open connections created by the malicious client bind resources on the server and may eventually exceed the resources available on the server. At that point, the server cannot connect to any clients, whether legitimate or otherwise. This effectively denies service to legitimate clients. Some systems may also malfunction or crash when other operating system functions are starved of resources in this way.

  2. For me also, D makes more sense, as Established means that the TCP handshaking is completed; however, SYN flooding does not need to complete the 3-way handshaking, it just initiates new SYN and at the other end it will wait for syn-ack to complete the session.

  3. I think B is actually correct, although it would make a lot more sense if the word “Establishes” were replaced with the word “Initiates”.
    I don’t think D is correct because I don’t think there is a limit to the TCP/IP connections… the attack just keeps initiating connection attempts and slows the victim network down as it tries to respond to these requests.

    1. Actually there is a limit; it depends on the memory on the receiving end, and also on whether there is a firewall. Firewalls do have a limit in terms of new TCP sessions.

  4. Answer B seems wrong as Establishes means 3-way handshake completes which does not happen in SYN flood case.
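
The queue limit the comments above argue about, as an added example that is not part of the original page or the sources quoted in it: a toy Python model of a listener's half-open queue that sends no network traffic. The backlog size, timeout, flood rate and all names are assumed values chosen for illustration.

```python
"""Toy model of a TCP listener's half-open (SYN_RECV) queue. No packets are sent."""

class ListenQueue:
    def __init__(self, backlog, synack_timeout):
        self.backlog = backlog          # assumed limit on half-open entries
        self.timeout = synack_timeout   # seconds the server waits for the final ACK
        self.half_open = {}             # source -> time its SYN arrived
        self.established = set()
        self.dropped = 0

    def _expire(self, now):
        # Free entries whose ACK never arrived within the timeout.
        for src, t in list(self.half_open.items()):
            if now - t >= self.timeout:
                del self.half_open[src]

    def on_syn(self, src, now):
        self._expire(now)
        if len(self.half_open) >= self.backlog:
            self.dropped += 1           # limit for new connections exceeded
            return False
        self.half_open[src] = now       # server would reply SYN-ACK and wait
        return True

    def on_ack(self, src, now):
        self._expire(now)
        if src not in self.half_open:
            return False
        del self.half_open[src]
        self.established.add(src)       # three-way handshake completed
        return True

def simulate(backlog=128, timeout=30.0, flood_rate=50, seconds=10):
    q = ListenQueue(backlog, timeout)
    legit_ok = 0
    for sec in range(seconds):
        # Constructed input: SYNs from sources that never send the ACK.
        for i in range(flood_rate):
            q.on_syn(("no-ack", sec * flood_rate + i), float(sec))
        # One legitimate client per second tries to complete the handshake.
        client = ("client", sec)
        if q.on_syn(client, sec + 0.5) and q.on_ack(client, sec + 0.6):
            legit_ok += 1
    return {"legit_ok": legit_ok, "legit_failed": seconds - legit_ok,
            "half_open": len(q.half_open), "established": len(q.established),
            "dropped": q.dropped}

if __name__ == "__main__":
    print("with flood:   ", simulate())
    print("without flood:", simulate(flood_rate=0))
```

With these assumed values only the two clients that arrive before the queue fills complete a handshake; the other eight are refused, and none of the no-ACK sources ever appears in the established set.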
