๐ SYN flood DDOS attack
Abstract
SYN flood is a kind of DDOS attack that sends a huge amount of requests to your server until the server cannot handle the requests and crash.
On TCP/IP protocal a SYN
request is sent to the server, the server ACK
s and send a SYN
to the client and hoping to establish a connection. If the client intentionally holds back sending the expected ACK
packet, the server would think the SYN
packet is lost and would have to be sent again. And then the server would have to keep sending packets until the server crashes or all the ports are blocked. Also if the original SYN
uses fake ip addresses so the server sends ACK
s to a spoofed ip addresses and floors the victim ips with useless packets.
Carry out the attack
install a module called hping3. hping is a TCP/IP packer assembler/analyzer. It can be used to carry out penetration tests.
$ sudo apt-get install hping3
and then just target a host / port that takes TCP/IP requests and flood them
$ sudo hping3 -i u1 -S -p 80 192.168.1.1
Basically all the websites run on TCP/IP and you should be able to find out what host and port a website is fetching stuff from. The image is just a reference and, for legal reasons, I do not recommend using this to other peopleโs websites. :)
โ
references:
24 Nov 2015