Home page logo

basics logo Security Basics mailing list archives

syn flooding attack and bandwidth consumation
From: "charles lindsay" <frostbackeng () lycos com>
Date: Mon, 04 Nov 2002 18:07:20 -0500

It's a matter of degree/time/ resources.

SYN Flood will probably kill your servers faster that it will fill your bandwidth, but long after your servers are 
consumed with half-open sessions, the attacker will still be sending the SYN Flood.  After all, the source address on 
the SYN packets is spoofed, so the attacker will not be waiting for a response from your servers to send a new SYN...

the minimum size for a SYN is 40-bytes (IP and TCP headers) + link overhead.  For Ethernet, you have a minimum 64-byte 
frame size.  The default size for an ICMP ping is 64-bytes (IP+ICMP+data + Ethernet header).
No difference in length.

A Smurf can use "amplifying reflectors" to take up more bandwidth faster -- although a lot of people have fixed their 
networks so that doesn't work anymore.  Each SYN packet has  to be sent individually by the attacker (or the attacker's 

As you know, when I received smurf attack which is icmp based attack, the 
bandwidth is full.
But when I receive syn flooding attack, the bandwidth is full or not?
As my test, the syn and ayn+ack packet size is 0.
So I think that the syn flooding attack has no relations with bandwith 
based attack? right?

Thanks in advance.

Outgrown your current e-mail service? Get 25MB Storage, POP3 Access,
Advanced Spam protection with LYCOS MAIL PLUS.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]