Shih-Min Lee's Personal website

dating, chating, food, games, search

Follow me on GitHub

๐Ÿ˜€ SYN flood DDOS attack


SYN flood is a kind of DDOS attack that sends a huge amount of requests to your server until the server cannot handle the requests and crash.

On TCP/IP protocal a SYN request is sent to the server, the server ACKs and send a SYN to the client and hoping to establish a connection. If the client intentionally holds back sending the expected ACK packet, the server would think the SYN packet is lost and would have to be sent again. And then the server would have to keep sending packets until the server crashes or all the ports are blocked. Also if the original SYN uses fake ip addresses so the server sends ACKs to a spoofed ip addresses and floors the victim ips with useless packets.

Carry out the attack

install a module called hping3. hping is a TCP/IP packer assembler/analyzer. It can be used to carry out penetration tests.

$ sudo apt-get install hping3

and then just target a host / port that takes TCP/IP requests and flood them

$ sudo hping3 -i u1 -S -p 80

Basically all the websites run on TCP/IP and you should be able to find out what host and port a website is fetching stuff from. The image is just a reference and, for legal reasons, I do not recommend using this to other peopleโ€™s websites. :)



24 Nov 2015