SYN Flood attack

A SYN flood is a common denial-of-service attack. It can cause the targeted host to stop processing connections. For background, TCP (Transmission Control Protocol) is the primary means of transmitting most data over the Internet. To open a TCP connection between a client and a server on the Internet, the two hosts perform a "three-way handshake".

A SYN flood exploits a weakness in the TCP protocol by sending a large number of bogus TCP connection requests. The attacker sends a mass of first-handshake packets (SYN packets) from a forged IP address or a forged range of IP addresses. The attacked server answers each one with the second-handshake packet (SYN + ACK), but because the source IP is fake, the other side never receives it and never responds with the third handshake. This leaves the attacked server holding a large number of "half-open" connections in the SYN_RECV state. By default it retries the second-handshake response five times, which fills the TCP connection wait queue and exhausts resources (CPU fully loaded or insufficient memory), so that normal connection requests cannot get through.

Scapy:

Set the IP header information.

View the contents of the IP header

Set the target address

Set the destination port number

Define the TCP header

View TCP header

Send the packet.

Reply packet

Packet capture afterwards:

The third-handshake ACK packet is never sent in response, so the server keeps the connection reserved, which occupies resources.

A program that sends such packets repeatedly in a loop consumes CPU and other resources on the target, which is how a SYN flood attack is achieved.

Attack protection:

First-packet drop mode: relies on TCP retransmission and discards the first SYN packet.

Reverse probe: a probe packet is sent to the client.

Proxy mode, i.e. SYN proxy: a firewall or similar device acts as the proxy.
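The first-packet drop mode listed above can be modelled in a few lines. This is an added example, not code from the original post: the class name, the two timing thresholds and the sample events are assumptions constructed for illustration. It drops the first SYN of each flow and passes a source only after it retransmits, which a normal TCP stack does and a forged source does not.

```python
from dataclasses import dataclass, field

# Assumed tuning values (not from the original post).
MIN_RETRY_GAP = 0.5   # seconds: a retransmitted SYN arrives after the sender's timeout
MAX_RETRY_GAP = 10.0  # seconds: forget flows whose first SYN was never retried

@dataclass
class FirstSynDropFilter:
    pending: dict = field(default_factory=dict)  # flow -> time its first SYN was dropped
    verified: set = field(default_factory=set)   # source IPs that retransmitted

    def on_syn(self, ts, src_ip, src_port, dst_port):
        """Return 'pass' or 'drop' for one inbound SYN packet."""
        self._expire(ts)
        if src_ip in self.verified:
            return "pass"
        flow = (src_ip, src_port, dst_port)
        first_seen = self.pending.get(flow)
        if first_seen is None:            # first SYN of this flow: drop and remember it
            self.pending[flow] = ts
            return "drop"
        if ts - first_seen >= MIN_RETRY_GAP:  # plausible retransmission: trust the source
            del self.pending[flow]
            self.verified.add(src_ip)
            return "pass"
        return "drop"                     # duplicate arrived too soon to be a retry

    def _expire(self, now):
        # Bound the table: half-tracked flows age out just like half-open connections.
        for flow in [f for f, t in self.pending.items() if now - t > MAX_RETRY_GAP]:
            del self.pending[flow]

def replay(events):
    filt = FirstSynDropFilter()
    return [filt.on_syn(*e) for e in events], filt

# Constructed sample: (timestamp, src_ip, src_port, dst_port), documentation addresses.
SAMPLE = [
    (0.00, "198.51.100.7", 40001, 80),  # real client, first SYN
    (0.01, "203.0.113.11", 1025, 80),   # forged source, never retries
    (0.02, "203.0.113.12", 1026, 80),   # forged source, never retries
    (0.03, "203.0.113.13", 1027, 80),   # forged source, never retries
    (1.00, "198.51.100.7", 40001, 80),  # real client retransmits after about 1 s
    (1.50, "198.51.100.7", 40002, 80),  # new connection from the verified source
    (20.0, "203.0.113.14", 1028, 80),   # arrives after the stale entries have expired
]

if __name__ == "__main__":
    verdicts, filt = replay(SAMPLE)
    print(verdicts, sorted(filt.verified), len(filt.pending))
```

The check only filters sources that never retransmit, so it is normally combined with the reverse-probe or SYN proxy methods.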

Origin blog.csdn.net/qq_45331873/article/details/104884443