Denial-of-service Attack
DoS attacks threaten the availability of a system.
One common DoS attack is the TCP SYN flood.
TCP three-way handshake: SYN | SYN-ACK | ACK
The attacker sends countless TCP SYN messages to the target.
The target sends a SYN-ACK message in response to each SYN it receives.
The attacker never replies with the final ACK of the TCP three-way handshake.
The incomplete connections fill up the target's TCP connection table.
The attacker continues sending SYN messages.
The target is no longer able to make legitimate TCP connections.
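The steps above can be followed in a small model of the target's connection table. This is an added example, not part of the original page: it replays constructed packet records, tracks half-open connections per target, and reports which legitimate SYNs are refused once the table is full. The table size (BACKLOG), the record layout and all addresses are assumptions made for illustration.

```python
from collections import defaultdict

BACKLOG = 5  # assumed (tiny) connection-table size, for illustration only

def analyze(packets, backlog=BACKLOG):
    """Replay (src, sport, dst, dport, flags) records and model each
    target's table of half-open connections. Returns (half_open, refused):
    pending entries per target, and sources whose SYN was refused because
    the target's table was already full."""
    half_open = defaultdict(set)   # target -> {(src, sport, dport)}
    refused = defaultdict(list)    # target -> [src, ...]
    for src, sport, dst, dport, flags in packets:
        if flags == "SYN":
            key = (src, sport, dport)
            if key in half_open[dst]:
                continue                       # retransmitted SYN
            if len(half_open[dst]) >= backlog:
                refused[dst].append(src)       # table full: no room left
            else:
                half_open[dst].add(key)        # waiting for the final ACK
        elif flags == "ACK":
            # The final ACK completes the handshake and frees the entry.
            half_open[dst].discard((src, sport, dport))
    return half_open, refused

def flooded_targets(packets, backlog=BACKLOG):
    """Targets whose table is full of half-open entries and refusing SYNs."""
    half_open, refused = analyze(packets, backlog)
    return sorted(t for t in half_open
                  if len(half_open[t]) >= backlog and refused[t])

def sample_packets():
    """Constructed sample traffic (documentation address ranges)."""
    target = "192.0.2.10"
    # A legitimate client completes the three-way handshake.
    pkts = [("198.51.100.7", 40000, target, 443, "SYN"),
            (target, 443, "198.51.100.7", 40000, "SYN-ACK"),
            ("198.51.100.7", 40000, target, 443, "ACK")]
    # SYNs that are answered with SYN-ACK but never get the final ACK.
    for i in range(5):
        src = f"203.0.113.{i + 1}"
        pkts += [(src, 50000 + i, target, 443, "SYN"),
                 (target, 443, src, 50000 + i, "SYN-ACK")]
    # A later legitimate client finds the table full.
    pkts.append(("198.51.100.8", 41000, target, 443, "SYN"))
    return pkts
```

In this sample the first client connects normally, while the second client's SYN is refused because the five incomplete handshakes already occupy the whole table.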
In a DDoS (distributed denial-of-service) attack, the attacker infects many target computers with malware and uses them all to initiate a denial-of-service attack, for example a TCP SYN flood.
This group of infected computers is called a botnet.