This glossary focuses on network and application security
terms with many DDoS-related definitions, a "DDoS-pedia"
– its goal is to provide a central place
for hard to find web-scattered definitions on this topic.
TCP SYN floods are one of the oldest yet still very
popular Denial of Service (DoS) attacks. The most common attack involves
sending numerous SYN packets to the victim. The attack in many cases will
spoof the SRC IP meaning that the reply (SYN+ACK packet) will not come back to
The intention of this attack is overwhelm the session/connection
tables of the targeted server or one of the network entities on the way
(typically the firewall). Servers need to open a state for each SYN packet that
arrives and they store this state in tables that have limited size. As big as
this table may be it is easy to send sufficient amount of SYN packets that will
fill the table, and once this happens the server starts to drop a new request,
including legitimate ones. Similar effects can happen on a firewall which also
has to process and invest in each SYN packet.
Unlike other TCP or
application level attacks the attacker does not have to use a real IP; this is
perhaps the biggest strength of the attack.
We value your opinion! Please take a few moments to provide feedback or suggest additional content.
Under attack? Contact our experts 24*7 to get emergency assistance by dialing one of the toll free numbers available in the list below and provide the code “REDBUTTON” to the support engineers.
Be prepared to face cyber attacks with Radware’s attack mitigation system.
Radware is a leading security solutions provider offering a full spectrum Attack Mitigation System (AMS) comprised of award-winning products DefensePro, AppWall and Vision as well as the top-expert Emergency response team service.