![]() However, this method involves significant costs and has little impact on large numbers of attack packets. For servers, the most direct way to defend against such attacks is to improve service capabilities, which can be achieved by creating a cluster and upgrading hardware. The purpose of SYN flood is to occupy all server connections and consume its system resources. As a result, normal users cannot establish TCP connections. When the server is fully occupied by these malicious half-open connections, it does not respond to new SYN packets. In addition, a large number of resources cannot be released. In this case, the server needs to maintain a large waiting list while trying to resend SYN-ACK packets. However, the server cannot receive the ACK packet, and a large number of half-open connections are generated. These tools do not respond to SYN-ACK packets from the server. In rare cases, hackers use real source IP addresses to send massive SYN packets through attack tools. As the source IP address or port is forged, the SYN-ACK packet sent by the server will never be received or replied to by the real client. Hackers usually send a large number of SYN packets with fake source IP addresses or ports to the server to request the establishment of TCP connections. Hackers leverage this mechanism to implement SYN flood. If the number of connections are used up, the server cannot provide normal services. Half-open connections are counted in the number of connections to the server. In this case, it is a half-open connection. The server continues to wait for an ACK packet until the connection times out. ![]() After the server receives this ACK packet, the three-way handshake is complete and the TCP connection is established. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |