TCP 3-Way Handshake Process

Diagram Source: https://flylib.com/books/en/3.223.1.188/1/

The state transition and time sequence of the TCP 3-Way Handshake Process.

  1. SYC_RCVD: When the server receives SYN from the client and sends SYN, ACK to the client
  2. ESTABLISHED: When the server receives ACK from the client and sends nothing back.

TCP SYN Flooding Attacks

TCP SYN flooding attacks deplete memory resources to stop new connections from being established by exploiting the protocol of TCP three-way handshake.

The SYN flooding attack is a denial-of-service method affecting hosts that run TCP server processes. The attack takes advantage of the state retention TCP performs for some time after receiving a SYN segment to a port that has been put into the LISTEN state.

The basic idea is to exploit this behavior by causing a host to retain enough state for bogus half-connections that there are no resources left to establish new legitimate connections. (RFC 4987)

References

Leave a Reply