What is SYN Flood for you today? and I will tell you how you can protect against the SYN Flood system.
What is SYN Flood?
What is SYN Flood?
SYN Flood is a DDoS (Distrubuted Denial of Service Attack) attack type. Although it is the most used attack type in the virtual world, it is popular. Besides this popularity it is very easy. If the owners of the counter target systems do not take the necessary precautions, the dependent servers and servers on the 2Mb line and 100Mb line can be easily downgraded/turned off.
It is easy to protect, except as easy as when attacking. In this SYN Flood attack, the target server is attacked using fake ip addresses. In other words, the counter target sees us as attacking with a different ip address.
If we take a look at the content of the SYN Flood attack; By transmitting a "synchronize" message, the attacker transmits his system structure information to the other party and wants to establish a connection.
The target wants to indicate that he has received the sent message and wants to convey the information about his system structure to the other party. It sends a reply-intent message to an attacker of the SYN-ACK type, along with information about the system structure. The attacker sees this message and communicates over the ACK message that he has seen and responded to his message. In this way, the connection is established via ACK. On the one hand, this method is called the triple-time handshake. It is all-encompassing for the protocol whose underlying connections are TCP.
Protection Against SYN Flood Attacks
The strongest and most popular solution against SYN Flood attacks is to install a mechanism called syncookie/synproxy on the system. Generally, security products on the market are used to prevent SYN Flood attack. On Linux operating systems, the syncookie feature is offered to us in a passive way. We just need to activate it.
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
Have a nice day