Presentation is loading. Please wait.

Presentation is loading. Please wait.

SYN Flooding: A Denial of Service Attack Shivani Hashia CS265.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "SYN Flooding: A Denial of Service Attack Shivani Hashia CS265."— Presentation transcript:

1 SYN Flooding: A Denial of Service Attack Shivani Hashia CS265

2 Topics  What is Denial of Service attack?  Types of attacks  SYN flooding attack  Solutions  Conclusion

3 What is Denial of Service Attack?  Main aim to stop the victim’s machine from doing it’s required job  Server unable to provide service to legitimate clients  Damage done varies from minor inconvenience to major financial losses

4 Types of Attacks  Bandwidth Consumption: All available bandwidth used by the attacker e.g.,ICMP ECHO attack  Resource Consumption: Resources like web server, print or mail server flooded with useless requests e.g., mail bomb  Network Connectivity: The attacker forces the server to stop communicating on the network e.g., SYN Flooding.

5 SYN Flooding Attack  Network connectivity attack  Most commonly-used DoS attack  Launched with a little effort  Presently, difficult to trace attack back to its originator  Web servers and systems connected to Internet providing TCP-based services like FTP servers, mail servers are susceptible  Exploits TCP’s three-way handshake mechanism and its limitations in maintaining half open connections

6 TCP Protocol: Three-way Handshake SYN Client requests for connection ACK + SYN Server agrees for connection request ACK Client finishes handshake SD Client connecting to TCP port LISTEN SYN_RCVD CONNECTED

7 Three-way Handshake SYN x SYN y +ACK x+1 ACK y+1 LISTEN SYN_RCVD CONNECTED SD Initialize sequence numbers for a new connection (x,y) Resources allocated

8 How SYN Flooding Attack Works? Client connecting to TCP port I have ACKed these connections but I have not received an ACK back!  Resources allocated for every half open connection Victim  Limit on number of half open connections SYN SYN + ACK Attacker Uses spoofed addresses

9 Attack Modes  Different parameters by which SYN flood attack can vary: 1.Batch-size : Number of packets sent from source address in a batch 2.Delay : Time interval between two batches of packets sent 3.Source address allocation  Single Address: Single forged address  Short List: Small list to pick source addresses  No List: Randomly created source addresses

10 Solutions  Using firewall  System configuration improvements  SYN cache

11 Using Firewalls  Two ways in which firewall used:  Firewall as a relay: Packets from source received and answered by the firewall  Firewall as a semi-transparent gateway: Lets SYN and ACK to pass, monitors the traffic and reacts accordingly

12 Firewall as a Relay SYN SYN+ACK A FIREWALLD Acts as a proxy Attack with Relay Firewall SYN+ACK SYN

13 Firewall as a Relay (cont’d) SYN SYN+ACK ACK SYN SYN+ACK ACK Data Sequence number conversion SFirewallD Legitimate connection with relay firewall

14 Firewall as Semi-transparent Gateway S Firewall D SYN SYN+ACK ACK RST Timeout

15 System Configuration Improvements 1) Decrease timeout period  Reset the connections sooner  Can deny legitimate access where the timeout period will be less than the round trip times 2) Increase the number of half-open connections  More connections at the same time  Will increase the use of resources

16 SYN Cache  Global hash table instead of the usual per socket queued connections  Protection from running out of the resources  Limit on number of entries in the table and hash bucket  Limit on the memory usage and amount of time taken to search for a matching entry

17 SYN Cache (cont’d)  Queue is divided into hash buckets  Each bucket treated as a First in First out Queue.  Hash value computed by choosing a function of source and destination IP addresses, ports and a secret key  Hash value acts as an index in the hash table.  Secret key transforms hash value so that an attacker cannot target specific hash bucket and deny service to a specific machine

18 Conclusion  SYN Flooding denial of service attack one of the most common attacks  Caused by the flaws in TCP protocol  Not possible to eliminate the attack  Possible to reduce the danger by taking the described measures properly

19 Thank you

Download ppt "SYN Flooding: A Denial of Service Attack Shivani Hashia CS265."

Similar presentations

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
TCP Flooding. TCP handshake C S SYN C SYN S, ACK C ACK S Listening Store data Wait Connected.

TCP Flooding. TCP handshake C S SYN C SYN S, ACK C ACK S Listening Store data Wait Connected.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Transport Layer – TCP (Part2) Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF.

Transport Layer – TCP (Part2) Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF.
Transmission Control Protocol (TCP)

Transmission Control Protocol (TCP)
CISCO NETWORKING ACADEMY PROGRAM (CNAP)

CISCO NETWORKING ACADEMY PROGRAM (CNAP)
Availability Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Aspects of Computer.

Availability Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Aspects of Computer.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
1 Reading Log Files. 2 Segment Format

1 Reading Log Files. 2 Segment Format
Analysis of a Denial of Service Attack on TCP Christoph L.Schuba, Ivan V.Krsul, Markus G. Kuhn, Eugene H.Spafford, Aurobindo Sundaram, Diego Zamboni July.

Analysis of a Denial of Service Attack on TCP Christoph L.Schuba, Ivan V.Krsul, Markus G. Kuhn, Eugene H.Spafford, Aurobindo Sundaram, Diego Zamboni July.
Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.
Security (Continued) V.T. Raja, Ph.D., Oregon State University.

Security (Continued) V.T. Raja, Ph.D., Oregon State University.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Distributed Denial of Service Attacks CMPT 471 1 Distributed Denial of Service Attacks Darius Law.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.
Page: 1 Director 1.0 TECHNION Department of Computer Science The Computer Communication Lab (236340) Summer 2002 Submitted by: David Schwartz Idan Zak.

Page: 1 Director 1.0 TECHNION Department of Computer Science The Computer Communication Lab (236340) Summer 2002 Submitted by: David Schwartz Idan Zak.
Slide 1 Attacks on TCP/IP. slide 2 Security Issues in TCP/IP uNetwork packets pass by untrusted hosts Eavesdropping (packet sniffing) uIP addresses are.

Slide 1 Attacks on TCP/IP. slide 2 Security Issues in TCP/IP uNetwork packets pass by untrusted hosts Eavesdropping (packet sniffing) uIP addresses are.
DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric (07016080)

DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric ( )
TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.

TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.

Similar presentations

Ads by Google