Is SYN flooding still a threat?

tcp denial-of-service rst

Well recently I've been reading about different Denial of Service methods. One method that kind of stuck out was SYN flooding. I'm a member of some not-so-nice forums, and someone was selling a python script that would DoS a server using SYN packets with a spoofed IP address.

However, if you sent a SYN packet to a server, with a spoofed IP address, the target server would return the SYN/ACK packet to the host that was spoofed. In which case, wouldn't the spoofed host return an RST packet, thus negating the 75 second long-wait, and ultimately failing in its attempt to DoS the server?

EDIT: And what if I'm not using SYN cookies?


thanks to syncookies, the threat of syn flooding is kind of minimal these days. http://en.wikipedia.org/wiki/SYN_cookies

basically when a syn packet is received, the server sends a cookie, and if the guest responds with the proper response, the connection is established.

syn_flooding used to cause issues, because the servers had to keep the connections open, waiting for the rest of the handshake.


I believe recent OSes will support Syn Cookies which aid in preventing this sort of attack. You can enable it with /proc/sys/net/ipv4/tcp_syncookies in Linux.

Related

GPO Run these programs at user logon not taking effect
CentOS 5.5: service not stopped on shutdown
Looking for good Open Source email server
Restore old SunOS tapes
How many sites can be served with 50,000 dns queries?
Docker image build hangs at "pacman -S ..."
Postfix: How to make aliases work for virtual domains?
How do I DRY up this Nginx configuration?
Is Amazon EC2 reliable for benchmarking?
Upgrading curl on centos 6: libcurl-7.50 requires libnghttp2
explain server load
Is it safe to zip/tar hotcopied svn repositories?