Definition[]
SYN flood (or SYN flood attack) is
| “ | [a] denial-of-service attack that sends a large number of TCP SYN (synchronize) packets to a host with the intent of disrupting the operation of that host.[1] | ” |
Overview[]
"In normal data exchange, a SYN packet is sent from computer A to computer B. In return, computer B will send a SYN/ACK packet to computer A. Then, computer A will send an ACK packet to computer B, establishing a connection. In a SYN flood attack, an intruder will send a SYN packet from computer A to computer B, but the intruder spoofs the source address of a non-existent system. Spoofing means gaining unauthorized access to a machine by pretending to be someone from a trusted site. Computer B will attempt to send a SYN/ACK to a non-existent system, causing a back-logged queue of connection attempts from computer B to computer A. The intruder can eventually disable a port or service just by sending a few SYN packets."[2]