Since the invention of TCP in 1974, after more than 30 years of development, it is now the most important Internet infrastructure protocol, but there are some shortcomings in the TCP protocol.
SYN attack is the use of TCP protocol defects, to cause system services to stop the normal response.
SYN attack principle
TCP takes three handshake before passing data, the principle of SYN attack is to send SYN packets to the server and forge the source IP address.
When the server receives the SYN packet, it joins the backlog queue, sends the SYN-ACK packet to the source IP, and waits for the ACK packet to complete the three-time handshake to establish the connection.
Because the source IP address is spoofed, there is no host IP, so the server cannot receive ACK packets and will continue to re-send, while the backlog queue is constantly being attacked by the SYN connection is full, resulting in the inability to handle the normal connection.
SYN attack processing
For several links of Syn attack, the corresponding processing methods are proposed:
Mode 1: Reduce the number of Syn-ack packets (default is 5):
Method 2: Use SYN Cookie technology:
Mode 3: Increase the backlog queue (default is 1024):
Method 4: Limit the number of SYN concurrency:
Iptables-a input-p tcp--syn-m limit--limit 1/s-j ACCEPT--limit 1/s
SYN Attack simulation
You can use the Hping tool described earlier to simulate SYN attacks, see Linux Common Network Tools: hping advanced host scan;
There is also a synkill that can be used to simulate SYN attacks.
Record, for the better of myself!
The principle and processing of SYN attack on Linux security
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
