
Glossary - S


 

Session Attack

A valid TCP-SYN session is generated between a BOT and a victim. Once the session is established, the attacker delays responding with an ACK packet to keep the session open until a Session Time Out is triggered. The empty session exhausts the victim’s server by depleting the system resources (memory, CPU, etc.) used to process this irregularity, resulting in performance degradation or a complete server shutdown. Session Attacks are non-spoofed: the source IP is the actual public IP of the attacker BOT, and the number of distinct source IPs equals the number of BOTs used in the attack.

 

SYN-ACK Flood

Host servers generate SYN-ACK packets in response to incoming SYN requests from clients. During a SYN-ACK flood, the victim server receives spoofed SYN-ACK packets at a high packet rate. This flood exhausts the victim’s server by depleting the system resources (memory, CPU, etc.) used to process this irregularity, resulting in performance degradation or a complete server shutdown.

 

SYN Flood

Clients generate a SYN packet (64 bytes) to request a new session from a host server. As the TCP three-way handshake proceeds, the host tracks each of the client’s sessions and allocates resources for it until the session is closed. In a SYN flood, a victim server receives spoofed SYN requests, carrying fake source IP addresses, at a high packet rate. The SYN flood overwhelms the victim server by depleting the system resources (connection table memory) normally used to store and process these incoming packets, resulting in performance degradation or a complete server shutdown. A well-crafted SYN flood often fools deep-packet inspection filtering techniques. SYN-Cookie defense can be used to defend against large-scale SYN floods, but this requires all servers to support this capability.
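To show how the SYN-Cookie defense mentioned above avoids connection-table exhaustion, here is an added sketch (not part of the original glossary, and not any vendor's or kernel's implementation). It uses the classic 5/3/24-bit cookie layout in simplified form; the HMAC-SHA256 keyed hash, the secret, the MSS table and all addresses are assumptions constructed for the example.

```python
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-key"      # assumption: random per-server secret
MSS_TABLE = [536, 1300, 1440, 1460]   # constructed; index must fit in 3 bits
MASK32 = 0xFFFFFFFF

def _mac24(src, sport, dst, dport, client_isn, t):
    """Low 24 bits: keyed hash over the 4-tuple, client ISN and time counter."""
    msg = (ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
           + struct.pack("!HHII", sport, dport, client_isn & MASK32, t & MASK32))
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src, sport, dst, dport, client_isn, client_mss, now):
    """Server ISN for the SYN-ACK; nothing is stored in the connection table."""
    t = int(now) // 64                # counter that advances every 64 seconds
    # Largest table MSS not exceeding the client's; fall back to the smallest.
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    return ((t % 32) << 27) | (idx << 24) | _mac24(src, sport, dst, dport, client_isn, t)

def check_cookie(src, sport, dst, dport, seq, ack, now, max_age=2):
    """Validate the final ACK. Returns the negotiated MSS, or None to drop."""
    cookie = (ack - 1) & MASK32       # client acknowledges server ISN + 1
    client_isn = (seq - 1) & MASK32   # client sequence number is its ISN + 1
    idx = (cookie >> 24) & 0x7
    t_now = int(now) // 64
    for age in range(max_age):        # accept the current and previous counter
        t = t_now - age
        if ((cookie >> 27) == t % 32 and idx < len(MSS_TABLE)
                and (cookie & 0xFFFFFF) == _mac24(src, sport, dst, dport, client_isn, t)):
            return MSS_TABLE[idx]     # only now would a real stack allocate state
    return None

if __name__ == "__main__":
    # Constructed handshake between documentation-range addresses.
    c = make_cookie("198.51.100.7", 40000, "203.0.113.10", 443, 1000, 1460, 1_700_000_000)
    print(check_cookie("198.51.100.7", 40000, "203.0.113.10", 443, 1001, c + 1, 1_700_000_030))
    print(check_cookie("198.51.100.7", 40000, "203.0.113.10", 443, 1001, 12345, 1_700_000_030))
```

Because the server rebuilds state from the returning ACK alone, a spoofed SYN that never completes the handshake costs no table entry; the trade-off is that only the coarse MSS value survives from the original SYN.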

 

Synonymous IP

A victim receives spoofed TCP-SYN packets at a high rate that have the victim’s information specified as both the Source IP and the Destination IP. This attack exhausts the victim’s server by depleting the system resources (memory, CPU, etc.) used to process this irregularity, resulting in performance degradation or a complete server shutdown. Although each packet’s Source and Destination IP are identically defined within a Synonymous IP attack, the content is irrelevant because the attacker is simply depleting the victim’s system resources.