Analysis of "Denial of Service" attacks: SYN denial of service

Source: Internet
Author: User
1. A flood of a different kind: the much-abused SYN denial of service (synchronize denial of service)

When a region is about to be flooded (or already has been), the local residents seldom stay calm: they run back and forth, grab their belongings, and are overwhelmed ...... If the whole town is in that state, the streets become gridlocked and nobody can move at all.

When the same thing happens on a network, the server ends up with nothing to do but be pounded by a pile of packets.

Why? Because an attacker is using a SYN attack.

To understand how a SYN attack works, start with how a connection is established. Between typing in a site's address and seeing the page, our machine has done three important things for us in a very short time:

1. The machine sends the server a packet with the SYN (synchronize) flag set, requesting a connection;

2. The server replies with a packet carrying both the SYN and ACK (acknowledge) flags;

3. The machine returns a packet with the ACK flag set; the connection is now established and data can flow.

These three steps are called the "three-way handshake".

So what is a SYN attack? Look at step 2 again. After the server sends its SYN-ACK, it does not simply walk away; it waits for the other side to come back and confirm. That is where the problem lies. If a computer drops off the network right after sending its SYN, the server's SYN-ACK gets no reply, and the protocol says the server must not just forget the request: it keeps a "half-open" entry for that client and retransmits the SYN-ACK until a timer expires (on Linux the retry count is net.ipv4.tcp_synack_retries; with the default of 5 the entry lives for about a minute). Each listening socket has only limited room for such half-open entries (the SYN backlog), and while that room is full the server drops new SYNs, so other machines cannot open the server's pages. Fortunately, for a server that minute of waiting is a fleeting moment and the backlog has room for many entries, so the occasional client that fails to answer rarely affects anything.

For a malicious attacker, though, this is no obstacle. Using special tools they generate a large number of SYN packets whose source IP addresses are forged. The forged addresses belong to no machine that will answer (or to a machine that never sent a SYN), so the final ACK never arrives; the server can only put each entry in its list and wait for it to time out, one by one. All that accumulated waiting is what disrupts normal traffic: because the attacker keeps sending SYNs faster than old entries expire, the backlog stays full and legitimate connection attempts can no longer get in. That is the whole attack.

This is the most common and most abused form of denial of service, and there are plenty of ready-made tools for it, such as the popular lion SYN flood, xdos, and dictatorship. They require no advanced knowledge to use, which is why SYN became the attack that servers and network administrators feared most.
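The handshake and the half-open queue described above can be modelled in a few lines. The following Python is an added illustration written for this page, not code from the article or from any of the tools it names. The backlog size, the timeout in "ticks", the server and client addresses and the spoofed sources are all made up for the simulation; real kernels keep much larger queues and retransmit the SYN-ACK several times before dropping an entry.

```python
"""Toy model of a TCP listener's half-open (SYN) queue under a SYN flood.

Added illustration for this page; not code from the original article or from
any tool it names. Backlog size, timeout, addresses and spoofed sources are all
assumptions chosen to make the effect visible.
"""
import random
from dataclasses import dataclass, field

SYN, ACK = 0x02, 0x10          # TCP flag bits; a SYN-ACK is SYN | ACK


@dataclass
class Segment:
    src: str                   # "ip:port" of the sender
    dst: str
    flags: int
    seq: int
    ack: int = 0


@dataclass
class Listener:
    """A server socket whose half-open entries live in a bounded backlog."""
    backlog: int = 8           # assumption: tiny; real kernels hold hundreds or more
    synack_timeout: int = 30   # assumption: ticks before a half-open entry is dropped
    half_open: dict = field(default_factory=dict)   # src -> (server_isn, expiry)
    established: list = field(default_factory=list)
    dropped_syns: int = 0

    def _expire(self, now: int) -> None:
        """Forget half-open entries whose SYN-ACK retransmissions timed out."""
        for src in [s for s, (_, exp) in self.half_open.items() if exp <= now]:
            del self.half_open[src]

    def receive(self, seg: Segment, now: int):
        """Process one incoming segment; return the reply segment or None."""
        self._expire(now)
        if seg.flags == SYN:                                 # handshake step 1
            if len(self.half_open) >= self.backlog:
                self.dropped_syns += 1                       # queue full: SYN is dropped
                return None
            isn = random.getrandbits(32)
            self.half_open[seg.src] = (isn, now + self.synack_timeout)
            return Segment(seg.dst, seg.src, SYN | ACK, isn, seg.seq + 1)   # step 2
        if seg.flags == ACK and seg.src in self.half_open:   # handshake step 3
            isn, _ = self.half_open.pop(seg.src)
            if seg.ack == isn + 1:
                self.established.append(seg.src)
        return None


def honest_connect(server: Listener, client: str, now: int) -> bool:
    """Run the full three-way handshake for a client that really exists."""
    synack = server.receive(Segment(client, "srv", SYN, seq=1000), now)
    if synack is None:
        return False                                         # our SYN was dropped
    server.receive(Segment(client, "srv", ACK, seq=1001, ack=synack.seq + 1), now)
    return client in server.established


def syn_flood(server: Listener, count: int, now: int) -> None:
    """Send SYNs from forged sources; nobody will ever answer the SYN-ACKs."""
    for i in range(count):
        spoofed = f"10.0.{i // 256}.{i % 256}:4000"          # constructed addresses
        server.receive(Segment(spoofed, "srv", SYN, seq=1), now)


def demo():
    """Returns (before, during, after, dropped_syns, half_open_left)."""
    srv = Listener()
    before = honest_connect(srv, "192.0.2.10:5000", now=0)   # normal service
    syn_flood(srv, 50, now=1)                                # 8 fill the backlog, 42 dropped
    during = honest_connect(srv, "192.0.2.11:5001", now=2)   # victim of the full backlog
    after = honest_connect(srv, "192.0.2.12:5002", now=40)   # entries expired, service back
    return before, during, after, srv.dropped_syns, len(srv.half_open)


if __name__ == "__main__":
    print(demo())   # (True, False, True, 43, 0)
```

The point the simulation makes is that the attacker never needs to complete a handshake or even receive the SYN-ACK: eight forged SYNs are enough to lock out the honest client at tick 2, and service only returns once the entries have aged out at tick 40. A real attacker simply keeps sending so that the queue never empties.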

In fact, SYN attacks exist because of oversights in the systems' own design. First, the attack exploits a weakness in the TCP specification itself: the server has to commit memory to a half-open connection before it knows the client is real. Second, there is the operating system. The network stacks of *nix and Windows 2000/XP let a program build the IP header by hand (raw sockets), including the source and destination IP addresses, and that is the key to forging SYN packets. The Win9x/Me network stack does not allow this, so do not expect to threaten a server with these tools from Win9x/Me.

Software-only defenses against SYN attacks have limits, and the classic answer was a hardware firewall that filters the forged SYNs before they reach the server, either by rate-limiting or by completing the handshake on the server's behalf (a SYN proxy). That is expensive, so many people could only watch helplessly as their servers drowned in SYN packets with the CPU pinned at 100% ...... Effective software measures do exist, however. SYN cookies (net.ipv4.tcp_syncookies on Linux) let the server answer a SYN without storing anything: what it needs is encoded in the initial sequence number of the SYN-ACK and recovered from the client's final ACK, so forged SYNs cost a hash computation and nothing more. The backlog can also be enlarged (net.ipv4.tcp_max_syn_backlog) and the SYN-ACK retransmission count reduced (net.ipv4.tcp_synack_retries) so that dead entries expire sooner. What no host-side setting can fix is a flood large enough to saturate the link itself; that has to be absorbed upstream.
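To show why SYN cookies defeat state exhaustion, here is an added Python example written for this page; it is not code from the article or from any kernel. It implements a simplified form of the scheme described by D. J. Bernstein (real implementations also pack the client's MSS into the cookie). The secret key, the addresses, the 64-second time slot and the 27-bit MAC width are assumptions made for the demonstration.

```python
"""SYN cookies: answer a SYN without storing a half-open entry.

Added example for this page, not code from the article. The cookie layout is a
simplified form of D. J. Bernstein's scheme (real kernels also pack the client's
MSS into the cookie). Secret, addresses, slot length and MAC width are assumptions.
"""
import hashlib
import hmac
import os
import time

SECRET = os.urandom(16)        # per-boot secret; rotating it invalidates all cookies
SLOT_SECONDS = 64              # cookies are accepted for the current and previous slot
MASK32 = 0xFFFF_FFFF
MAC_BITS = 27                  # 5 bits of the 32-bit ISN carry the slot, 27 carry the MAC
MAC_MASK = (1 << MAC_BITS) - 1


def _slot(now):
    """Coarse time counter, 5 bits wide, so it fits in the ISN."""
    return int((time.time() if now is None else now) // SLOT_SECONDS) & 0x1F


def _mac(client_ip, client_port, server_ip, server_port, slot):
    """Keyed hash over the 4-tuple and the time slot, truncated to MAC_BITS."""
    msg = f"{client_ip}:{client_port}>{server_ip}:{server_port}@{slot}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & MAC_MASK


def make_cookie(client_ip, client_port, server_ip, server_port, client_isn, now=None):
    """Server ISN for the SYN-ACK. Nothing is stored: slot and MAC live in the ISN,
    and adding the client's ISN ties the cookie to this particular SYN."""
    slot = _slot(now)
    cookie = (slot << MAC_BITS) | _mac(client_ip, client_port, server_ip, server_port, slot)
    return (cookie + client_isn) & MASK32


def check_cookie(client_ip, client_port, server_ip, server_port, ack_seq, ack_ack, now=None):
    """Validate the handshake's final ACK (seq = client ISN + 1, ack = server ISN + 1).
    True means the peer really received our recent SYN-ACK; the server kept no state."""
    client_isn = (ack_seq - 1) & MASK32
    cookie = (ack_ack - 1 - client_isn) & MASK32
    slot, mac = cookie >> MAC_BITS, cookie & MAC_MASK
    cur = _slot(now)
    if slot not in (cur, (cur - 1) & 0x1F):
        return False                                   # too old, or never issued
    expected = _mac(client_ip, client_port, server_ip, server_port, slot)
    return hmac.compare_digest(mac.to_bytes(4, "big"), expected.to_bytes(4, "big"))


def demo():
    """Returns (genuine, forged, stale, replayed) verification results."""
    server = ("203.0.113.5", 80)                       # constructed addresses
    client = ("192.0.2.10", 40000)
    t0 = 1_000_000                                     # fixed clock for determinism

    # A flood of 10,000 spoofed SYNs costs one HMAC each and leaves no table behind.
    for i in range(10_000):
        make_cookie(f"198.51.100.{i % 254 + 1}", 1024 + i, *server, client_isn=i, now=t0)

    # Genuine client: its ACK echoes our cookie, so the connection can be reconstructed.
    isn_c = 7777
    isn_s = make_cookie(*client, *server, client_isn=isn_c, now=t0)
    ack_of_cookie = (isn_s + 1) & MASK32
    genuine = check_cookie(*client, *server, ack_seq=isn_c + 1, ack_ack=ack_of_cookie, now=t0 + 10)

    # Attacker skips the SYN and fires a bare ACK with a guessed acknowledgement number.
    forged = check_cookie(*client, *server, ack_seq=1, ack_ack=1, now=t0 + 10)

    # The real client's ACK arriving three slots later is refused.
    stale = check_cookie(*client, *server, ack_seq=isn_c + 1, ack_ack=ack_of_cookie,
                         now=t0 + 3 * SLOT_SECONDS)

    # The same ACK replayed from a different source address fails the MAC.
    replayed = check_cookie("198.51.100.77", client[1], *server, ack_seq=isn_c + 1,
                            ack_ack=ack_of_cookie, now=t0 + 10)
    return genuine, forged, stale, replayed


if __name__ == "__main__":
    print(demo())   # (True, False, False, False)
```

The trade-off is that the server can no longer remember TCP options it learned from the SYN (window scaling, SACK) beyond what fits in the cookie, which is why Linux only switches to cookies once the backlog overflows rather than using them for every connection.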

Someone said, "No wonder my machine is often slow. Someone is SYN-ing me!" Wait, let me explain. SYN attacks do little to congest the network, because the packets are small (unless the flood is large enough to saturate the link, which is a bandwidth attack rather than a SYN attack), and they have no effect at all on a machine that is not running any TCP service. Even if someone is SYN-attacking you, you will notice nothing unusual unless you are running a web server or some other listening TCP service.

Remember the saying? A panicking crowd is more terrible than the disaster itself.
