How to defend against a sync flood attack

Nick Lewis explains how to protect your organization from sync flood attacks.

Nick Lewis

What are some ways to protect against sync flood attacks?

A Sync flood attack, better known as a SYN attack, has its origins as one of the original types of distributed denial-of-service (DDoS) attacks and have not been significant threats to enterprises today. Most CERT advice from 1996 still applies to modern systems, but obviously many improvements have been made in the last 15 years.

A SYN attack is one where an attacker makes an initial connection to a victim computer and the victim computer waits for the completion of the connection. The attack is exploiting part of the three-way handshake in TCP for establishing reliable connections. When the initial connection is left open, it consumes resources on the victim computer until it runs out of connections or has other issues.

To protect against sync flood attacks, you have several options. The attacks can be detected by standard intrusion detection systems (IDS) and could also be blocked or minimized by built-in features in firewalls and other devices. Further protections could include lowering timeouts for how long a system waits for another system to complete the three-way handshake or having your ISP block the attacks.

This was last published in May 2010

How to defend against a sync flood attack

Nick Lewis explains how to protect your organization from sync flood attacks.

Dig Deeper on DDoS attack detection and prevention

7 TCP/IP vulnerabilities and how to prevent them

denial-of-service attack

How hackers use idle scans in port scan attacks

Europe in the firing line of evolving DDoS attacks

Related Q&A from Nick Lewis

What are the benefits and challenges of cloud penetration testing?

What are the best criteria to use to evaluate cloud service providers?

What is the best way to write a cloud security policy?

Start the conversation

0 comments

Please create a username to comment.

SearchCloudSecurity

How to pass the AWS Certified Security - Specialty exam

Practice AWS Certified Security - Specialty exam questions

Choosing between proxy vs. API CASB deployment modes

SearchNetworking

New Celona 5G platform nets TechTarget innovation award

Network pros share Cisco DevNet certification advice

Cloud automation use cases for managing and troubleshooting

SearchCIO

5 ways to keep developers happy so they deliver great CX

Link software development to measured business value creation

5 digital transformation success factors for 2021

SearchEnterpriseDesktop

11 tips to improve Windows 10 performance

Microsoft Pluton chip will secure future Windows PCs

How does Microsoft 365 extend Windows 7 support?

SearchCloudComputing

Multi-cloud networking -- how to choose the right path

A conference guide to AWS re:Invent 2020

Cognito user pools vs. identity pools -- what AWS users should know

ComputerWeekly.com

How retailers are using technology to survive

Subpostmasters want £300m from a government that allowed Post Office ‘reign of terror’

Spinning disk hard drives: Good value for many use cases