Denial-of-service Attack

DoS attacks threaten the availability of a system.

One common DoS attack is the TCP SYN flood.

  • TCP three-way handshake: SYN | SYN-ACK | ACK

  • The attacker sends countless TCP SYN messages to the target.

  • The target sends a SYN-ACK message in response to each SYN it receives.

  • The attacker never replies with the final ACK of the TCP three-way handshake.

  • The incomplete connections fill up the target's TCP connection table.

  • The attacker continues sending SYN messages.

  • The target is no longer able to make legitimate TCP connections.
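From the defender's side, the half-open connections described above are visible on a Linux target as sockets in the SYN_RECV state. The following is an added example, not part of the original notes: it counts SYN_RECV entries per listening port from text in the /proc/net/tcp layout. The sample rows, function names and threshold are constructed for illustration.

```python
import socket
import struct
from collections import Counter

SYN_RECV = 0x03  # Linux state code: SYN received, SYN-ACK sent, final ACK still missing

# Constructed sample in /proc/net/tcp layout (IPv4 only); not captured from a real host.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A00000A:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 0
   1: 0A00000A:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 0
   2: 0A00000A:0050 010200C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 0
   3: 0A00000A:0050 076433C6:9C41 03 00000000:00000000 00:00000000 00000000     0        0 0
   4: 0A00000A:0050 086433C6:9C42 03 00000000:00000000 00:00000000 00000000     0        0 0
   5: 0A00000A:0050 097100CB:9C43 03 00000000:00000000 00:00000000 00000000     0        0 0
   6: 0A00000A:0050 0A7100CB:9C44 03 00000000:00000000 00:00000000 00000000     0        0 0
   7: 0A00000A:0050 0B7100CB:9C45 03 00000000:00000000 00:00000000 00000000     0        0 0
   8: 0A00000A:0016 020200C0:D431 03 00000000:00000000 00:00000000 00000000     0        0 0
"""

def _ip(hex_addr):
    # The kernel prints the IPv4 address as a little-endian 32-bit hex value.
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))

def parse_proc_net_tcp(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state) per row."""
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        (lip, lport), (rip, rport) = (f.split(":") for f in fields[1:3])
        yield _ip(lip), int(lport, 16), _ip(rip), int(rport, 16), int(fields[3], 16)

def half_open_report(text, threshold):
    """Return {local_port: half_open_count} for ports at or above threshold."""
    counts = Counter(lport for _, lport, _, _, state in parse_proc_net_tcp(text)
                     if state == SYN_RECV)
    return {port: n for port, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    # threshold=4 is an arbitrary illustrative value, not a recommended setting.
    print(half_open_report(SAMPLE, threshold=4))
```

On a live Linux host the same functions can be given the contents of /proc/net/tcp; a count that stays high on one port while established connections stall matches the pattern in the list above.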

In a DDoS (distributed denial-of-service) attack, the attacker infects many computers with malware and uses them all to initiate a denial-of-service attack, for example a TCP SYN flood attack.

This group of infected computers is called a botnet.
