SYN Flood Attack
One of the most common and simplest attacks is a SYN Flood Attack. The purpose of this type of attack is to temporarily disable the functionality of a particular service, such as HTTP (website) or SMTP (e-mail). Its principle is to send a large number of requests to a remote computer, each attempting to establish a false connection. The affected system tries to allocate certain resources for each of these connections until its available system resources are completely exhausted and the computer stops responding to other connection attempts.
This type of attack is based on one of the properties of the TCP protocol, called the three-way handshake. The three-way handshake aims to verify that both sides really want the connection. In practice, the client first sends a SYN packet to the server (i.e., “syncing”). The server recognizes (i.e., “acknowledges”) the request for synchronization and sends back a packet with the SYN and ACK flags. In the third step, the client sends an ACK packet. A SYN Flood Attack works only if the server allocates the resources for the new connection when it receives the SYN packet, that is, before it receives the ACK packet. The attacker has two methods of making sure the server does not receive this ACK packet: the attacker may simply omit it, or send the SYN packet with a fake IP address, so that the server sends the SYN-ACK packet somewhere else and the ACK packet never arrives.
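
The following Python sketch is an added example, not part of the original article: it shows how a defender can recognize this condition by counting handshakes that received a SYN but never the final ACK. The packet records, addresses, timeout and threshold are constructed assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample of packets seen at the server:
# (time_s, src, sport, dst, dport, flags). Addresses are documentation ranges.
def sample_packets():
    pkts = [
        # One legitimate client completes all three steps: SYN, SYN-ACK, ACK.
        (0.00, "198.51.100.7", 40000, "192.0.2.10", 80, "S"),
        (0.01, "192.0.2.10", 80, "198.51.100.7", 40000, "SA"),
        (0.02, "198.51.100.7", 40000, "192.0.2.10", 80, "A"),
    ]
    # 20 SYNs whose final ACK never arrives (omitted, or the SYN-ACK went
    # to a faked address). Both cases look identical from the server side.
    for i in range(20):
        src = f"203.0.113.{i + 1}"
        t = 0.10 + i * 0.01
        pkts.append((t, src, 50000 + i, "192.0.2.10", 80, "S"))
        pkts.append((t + 0.001, "192.0.2.10", 80, src, 50000 + i, "SA"))
    return pkts

def half_open_by_service(packets, now, timeout=3.0):
    """Return {(server_ip, port): number of handshakes stuck after the SYN}."""
    pending = {}  # (client, client_port, server, server_port) -> time of SYN
    for t, src, sport, dst, dport, flags in sorted(packets):
        if flags == "S":        # step 1: server allocates state for the SYN
            pending[(src, sport, dst, dport)] = t
        elif flags == "A":      # step 3: the client's ACK completes the handshake
            pending.pop((src, sport, dst, dport), None)
        # "SA" (step 2) is the server's own reply; the entry stays pending.
    counts = defaultdict(int)
    for (_, _, server, port), t in pending.items():
        # Assumption: the server drops a half-open entry after `timeout` seconds.
        if now - t <= timeout:
            counts[(server, port)] += 1
    return dict(counts)

def flooded_services(packets, now, threshold=10):
    """Services whose half-open count has reached the alert threshold."""
    counts = half_open_by_service(packets, now)
    return [svc for svc, n in counts.items() if n >= threshold]

if __name__ == "__main__":
    print(half_open_by_service(sample_packets(), now=1.0))
    print(flooded_services(sample_packets(), now=1.0))
```

The legitimate handshake leaves no pending entry, while every SYN without a matching ACK keeps one until the timeout, which is exactly the resource the attack exhausts.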