syn flooding attack and bandwidth consumption
From: "charles lindsay" <frostbackeng () lycos com>
Date: Mon, 04 Nov 2002 18:07:20 -0500
It's a matter of degree/time/resources.
SYN Flood will probably kill your servers faster than it will fill your bandwidth, but long after your servers are
consumed with half-open sessions, the attacker will still be sending the SYN Flood. After all, the source address on
the SYN packets is spoofed, so the attacker will not be waiting for a response from your servers to send a new SYN...
The minimum size for a SYN is 40 bytes (IP and TCP headers) + link overhead. For Ethernet, you have a minimum 64-byte
frame size. The default size for an ICMP ping is 64 bytes (IP+ICMP+data + Ethernet header).
No difference in length.
A Smurf can use "amplifying reflectors" to take up more bandwidth faster -- although a lot of people have fixed their
networks so that doesn't work anymore. Each SYN packet has to be sent individually by the attacker (or the attacker's
As you know, when I received smurf attack which is icmp based attack, the
bandwidth is full.
But when I receive syn flooding attack, the bandwidth is full or not?
As my test, the syn and syn+ack packet size is 0.
So I think that the syn flooding attack has no relations with bandwidth
based attack? right?
Thanks in advance.
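
The "matter of degree" in the reply above, worked through as an added example that is not part of the original thread: it compares the SYN rate at which a listener's half-open queue stays full with the rate needed to fill an Ethernet link. The 40-byte SYN and 64-byte minimum frame come from the post; the 10 Mbit/s link, the 1024-slot backlog and the 75-second hold time are assumed values for illustration.

```python
# Added example: sizing the two limits a SYN flood can hit.
# From the post: 40-byte SYN (IP + TCP headers), 64-byte minimum Ethernet frame.
# Assumed for illustration: link speed, backlog size, half-open hold time.
SYN_IP_BYTES = 40          # IP + TCP headers, no options (from the post)
ETH_MIN_FRAME = 64         # minimum Ethernet frame incl. header and FCS (from the post)
ETH_HEADER_FCS = 14 + 4    # Ethernet header + frame check sequence
ETH_WIRE_EXTRA = 8 + 12    # preamble/SFD + inter-frame gap ("link overhead")


def wire_bytes(ip_len=SYN_IP_BYTES):
    """Bytes one IP packet occupies on an Ethernet wire, padded to the minimum frame."""
    frame = max(ip_len + ETH_HEADER_FCS, ETH_MIN_FRAME)
    return frame + ETH_WIRE_EXTRA


def link_saturation_pps(link_bps, ip_len=SYN_IP_BYTES):
    """Packets per second of this size that fill the link completely."""
    return link_bps / (wire_bytes(ip_len) * 8)


def backlog_saturation_pps(backlog_slots, hold_seconds):
    """Arrival rate of unanswered SYNs that keeps every half-open slot occupied.

    Each spoofed SYN holds one slot until the handshake timer expires, so the
    queue stays full once arrivals reach slots / hold time (Little's law).
    """
    return backlog_slots / hold_seconds


def link_share(pps, link_bps, ip_len=SYN_IP_BYTES):
    """Fraction of the link consumed by `pps` packets of this size."""
    return pps * wire_bytes(ip_len) * 8 / link_bps


def compare(link_bps=10_000_000, backlog_slots=1024, hold_seconds=75):
    """Return both limits plus the link share used when the backlog is already full."""
    queue_pps = backlog_saturation_pps(backlog_slots, hold_seconds)
    return {
        "wire_bytes_per_syn": wire_bytes(),
        "pps_to_fill_backlog": queue_pps,
        "pps_to_fill_link": link_saturation_pps(link_bps),
        "link_share_when_backlog_full": link_share(queue_pps, link_bps),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:.4f}")
```

With these assumed values the half-open queue is exhausted while the SYNs occupy well under 1% of the link, which is why monitoring half-open connection counts catches this earlier than monitoring bandwidth.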