Q: What measures can be taken to defend against Sync flood attacks?
A: Sync flood attacks, also known as SYN attacks, are a primitive type of distributed denial-of-service (DDoS) attack and are not a serious threat to enterprises. Many of the suggestions made in 1996 by the CERT Computer Security Emergency Response Group still apply to existing systems, but there have been many improvements over the past 15 years.
In a SYN attack, the attacker opens an initial connection with the victim's computer and leaves it waiting for the connection to complete. The attacker uses the "three-way handshake" with which TCP establishes a trusted connection. Each initial connection that is opened consumes resources on the victim's computer, until the computer runs out of connections or develops other problems.
To prevent Sync flood attacks, you have the following options. You can use a standard intrusion detection system (IDS) to detect attacks, or use the built-in functions of firewalls and other devices to block or reduce attacks. Deeper protection includes reducing the time the system waits for another system to complete the "three-way handshake", or having your Internet service provider (ISP) intercept the attack.
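The detection step described above can be approximated on a single host by counting half-open connections. This is an added example, not part of the original answer: it assumes the Linux `netstat -tan` layout, where a handshake awaiting its final ACK is listed as `SYN_RECV`; the threshold of 5 and the sample lines are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample in `netstat -tan` layout, using documentation address ranges.
SAMPLE = "\n".join(
    ["Proto Recv-Q Send-Q Local Address Foreign Address State",
     "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN"]
    # Six handshakes to port 80 that never received the final ACK.
    + [f"tcp 0 0 192.0.2.10:80 198.51.100.{i}:{40000 + i} SYN_RECV"
       for i in range(1, 7)]
    # Two completed connections to the same service.
    + [f"tcp 0 0 192.0.2.10:80 203.0.113.{i}:{50000 + i} ESTABLISHED"
       for i in range(1, 3)]
    # One half-open connection on another port: normal background noise.
    + ["tcp 0 0 192.0.2.10:22 203.0.113.9:51000 SYN_RECV"]
)


def half_open_report(netstat_text, threshold=5):
    """Summarise half-open (SYN_RECV) connections per local endpoint.

    An endpoint is flagged when its half-open count exceeds `threshold`
    (an assumed value; tune it against the host's normal traffic).
    """
    half_open = Counter()
    established = Counter()
    sources = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have exactly six columns and a tcp/tcp6 protocol field.
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue
        local, remote, state = fields[3], fields[4], fields[5]
        if state == "SYN_RECV":
            half_open[local] += 1
            sources[local].add(remote.rsplit(":", 1)[0])  # strip the port
        elif state == "ESTABLISHED":
            established[local] += 1
    return {
        local: {
            "half_open": count,
            "established": established[local],
            "distinct_sources": len(sources[local]),
            "flagged": count > threshold,
        }
        for local, count in half_open.items()
    }


if __name__ == "__main__":
    for endpoint, stats in half_open_report(SAMPLE).items():
        print(endpoint, stats)
```

A flagged endpoint with many half-open entries and few established ones is the point at which the firewall, handshake-timeout or ISP measures listed above become relevant.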