A SYN attack (SYN flood) is a denial of service attack that exhausts the resources a target computer reserves for TCP connections that are still being set up. A SYN attack requests a large number of connections to the target and never completes any of them. Each time a connection is requested, the target allocates state for the half-open connection and holds it until the handshake completes or the attempt times out. When enough connections are requested quickly enough, the listener's queue of pending connections fills, new connection requests are refused, and the memory tied up in half-open connections can make the target or victim computer very slow, unresponsive, or cause it to crash.
The SYN attack takes advantage of the TCP three-way handshake shown in this example. In this example, we assume a client computer is contacting a server to send it some information.
- Client sends a packet with the SYN bit set and an initial sequence number of N.
- Server sends a packet with the SYN and ACK bits set, an ACK number of N+1 and its own initial sequence number of X.
- The client sends a packet with the ACK bit set, a sequence number of N+1 and an ACK number of X+1, and the connection is established.
- The client sends the data.
The attacker sends only the first packet, with the SYN bit set, and does this many times, usually from forged (spoofed) source addresses so that the server's SYN-ACKs go to hosts that never answer and the attacker spends no resources of its own on the connections it opens. Even though the target computer times each half-open connection out, if the SYN packets arrive faster than the entries expire the target runs out of room for them, and it cannot open connections for legitimate requestors while the flood lasts. The target computer can reduce its vulnerability to this attack by limiting the number of new connections accepted from a specific IP address in a specific period of time, although spoofed source addresses defeat this limit. The target computer can also reduce its vulnerability by using SYN cookies, which is a way of choosing the server's initial sequence number: instead of storing state when a SYN arrives, the server encodes the connection's identity (addresses, ports, a coarse timestamp and the client's advertised maximum segment size) into the sequence number X of its SYN-ACK using a secret key. A legitimate client's final ACK carries X+1, so the server can recompute and verify the cookie from that ACK and create the connection only then, while a SYN that is never followed up costs it nothing. The cost is that TCP options negotiated in the SYN, such as window scaling and selective acknowledgement, are lost unless they can be recovered from another field (Linux uses the TCP timestamp option for this), which is why stacks such as Linux switch to SYN cookies only once the queue of half-open connections is full.
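The following simulation is an added example, not code from the original page: it models a listening socket with a bounded queue of half-open connections, floods it with SYNs from spoofed sources that never complete the handshake, and then shows a legitimate client succeeding only when SYN cookies are enabled. The cookie layout (5-bit time counter, 3-bit MSS table index, 24-bit keyed hash) follows the classic Linux scheme but is simplified; the secret, the addresses, the MSS table and the backlog size are constructed values for the demonstration, and HMAC-SHA256 stands in for the faster keyed hash a real stack would use.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Constructed demo values; a real stack uses a per-host random secret that it rotates.
SECRET = b"constructed-demo-secret"
SERVER_IP, SERVER_PORT = "192.0.2.10", 80
MSS_TABLE = (536, 1300, 1440, 1460)   # the only MSS values a cookie can carry (3-bit index)
COUNTER_MASK = 0x1F                   # 5-bit "minute" counter stored in the cookie
HASH_MASK = 0xFFFFFF                  # low 24 bits of the cookie hold the keyed hash
MAX_AGE = 2                           # cookies older than this many ticks are rejected


def cookie_hash(src, sport, dst, dport, client_isn, count):
    """Keyed hash binding the cookie to the 4-tuple, the client's ISN N and a time slot."""
    msg = b"".join([
        ipaddress.ip_address(src).packed, sport.to_bytes(2, "big"),
        ipaddress.ip_address(dst).packed, dport.to_bytes(2, "big"),
        client_isn.to_bytes(4, "big"), (count & COUNTER_MASK).to_bytes(1, "big"),
    ])
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")


def make_syn_cookie(src, sport, dst, dport, client_isn, mss, count):
    """Server ISN X for the SYN-ACK: [5-bit counter | 3-bit MSS index | 24-bit hash]."""
    mss_idx = 0
    for i, table_mss in enumerate(MSS_TABLE):
        if table_mss <= mss:
            mss_idx = i                # largest table entry not above the client's MSS
    h = cookie_hash(src, sport, dst, dport, client_isn, count) & HASH_MASK
    return ((count & COUNTER_MASK) << 27) | (mss_idx << 24) | h


def check_syn_cookie(src, sport, dst, dport, client_isn, cookie, now):
    """Validate X recovered from the final ACK (ack-1). Returns the MSS, or None."""
    count = (cookie >> 27) & COUNTER_MASK
    if (now - count) & COUNTER_MASK > MAX_AGE:
        return None                    # stale or replayed cookie (5-bit wraparound-safe)
    expected = cookie_hash(src, sport, dst, dport, client_isn, count) & HASH_MASK
    if (cookie & HASH_MASK) != expected:
        return None                    # forged, or sent from a different address/port
    return MSS_TABLE[(cookie >> 24) & 0x7]


class Listener:
    """Toy listening socket: a bounded half-open queue, optionally backed by SYN cookies."""

    def __init__(self, backlog, syn_cookies=False):
        self.backlog, self.syn_cookies = backlog, syn_cookies
        self.half_open = {}            # (src, sport) -> (client_isn N, server_isn X)
        self.established = set()
        self.dropped_syns = 0

    def on_syn(self, src, sport, client_isn, mss, now):
        """Return (X, N+1) for the SYN-ACK, or None if the SYN had to be dropped."""
        if len(self.half_open) < self.backlog:
            server_isn = secrets.randbits(32)
            self.half_open[(src, sport)] = (client_isn, server_isn)
            return server_isn, client_isn + 1
        if self.syn_cookies:           # queue full: answer statelessly, as Linux does
            cookie = make_syn_cookie(src, sport, SERVER_IP, SERVER_PORT, client_isn, mss, now)
            return cookie, client_isn + 1
        self.dropped_syns += 1
        return None

    def on_ack(self, src, sport, seq, ack, now):
        """Third handshake packet: seq = N+1, ack = X+1. Returns True if established."""
        key = (src, sport)
        if key in self.half_open:
            client_isn, server_isn = self.half_open[key]
            if seq != client_isn + 1 or ack != server_isn + 1:
                return False
            del self.half_open[key]
        elif not self.syn_cookies or check_syn_cookie(
                src, sport, SERVER_IP, SERVER_PORT, seq - 1, ack - 1, now) is None:
            return False               # no stored state and no valid cookie
        self.established.add(key)
        return True


def flood_demo(syn_cookies, flood_size=200, backlog=128, now=7):
    """Flood with spoofed SYNs, then try one legitimate handshake. -> (legit_ok, dropped)."""
    srv = Listener(backlog, syn_cookies)
    for i in range(flood_size):       # attacker sends only SYNs and never the final ACK
        srv.on_syn(f"203.0.113.{i % 254 + 1}", 40000 + i, 1000 + i, 1460, now)
    client_isn = 555
    synack = srv.on_syn("198.51.100.7", 51515, client_isn, 1460, now)
    if synack is None:
        return False, srv.dropped_syns
    server_isn, _ = synack
    ok = srv.on_ack("198.51.100.7", 51515, client_isn + 1, server_isn + 1, now)
    return ok, srv.dropped_syns


if __name__ == "__main__":
    print("without SYN cookies:", flood_demo(False))   # legitimate client is refused
    print("with SYN cookies:   ", flood_demo(True))    # legitimate client connects
```

Without cookies the 200 spoofed SYNs fill the 128-entry queue and the legitimate SYN is dropped with the rest of the overflow; with cookies the overflow is answered statelessly and only the client that actually returns the ACK gets an entry. The validation path also shows the two caveats from the text: the cookie can carry only one of a few MSS values and nothing else about the SYN's options, and the time counter bounds how long an ACK stays valid, so a captured cookie cannot be replayed indefinitely.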