ZyXEL P-794H User Guide - Page 197
TCP SYN Flood Attack,
![]() |
View all ZyXEL P-794H manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 197 highlights
Chapter 15 Security 15.3.7 TCP SYN Flood Attack Usually a client starts a session by sending a SYN (synchronize) packet to a server. The receiver returns an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment). After this handshake, a connection is established. Figure 125 TCP Three-Way Handshake A SYN flood attack is when an attacker sends a series of SYN packets. Each packet causes the receiver to reply with a SYN-ACK response. The receiver then waits for the ACK that follows the SYN-ACK, and stores all outstanding SYN-ACK responses on a backlog queue. SYN-ACKs are only moved off the queue when an ACK comes back or when an internal timer ends the three-way handshake. Once the queue is full, the system will ignore all incoming SYN requests, making the system unavailable for other users. Figure 126 SYN Flood P-794H User's Guide 197
![](/manual_guide/products/zyxel-p794h-user-guide-bbafe41/197.png)