The SYN Flood DDoS Attack
A SYN flood DDoS attack exploits the TCP 3-way handshake process to overwhelm servers and deny service to legitimate users.
Normally, TCP connections are established through three steps: the client sends a SYN packet, the server responds with SYN-ACK, and the client completes the handshake with an ACK packet.
In a SYN flood attack, attackers send massive numbers of SYN packets with spoofed source addresses, causing the server to allocate resources while waiting for ACK responses that never arrive.
These half-open connections rapidly exhaust the server's capacity until it cannot accept legitimate requests.
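On the server, the half-open connections described above show up as sockets stuck in the SYN_RECV state. The following is an added example, not part of the original article: it assumes a Linux server, parses text in the `/proc/net/tcp` format, and counts SYN_RECV entries and distinct remote addresses per local port. The sample table, addresses, function names, and threshold are constructed for illustration.

```python
import socket
import struct
from collections import Counter, defaultdict

SYN_RECV = 0x03  # TCP_SYN_RECV in the Linux kernel's TCP state enum

def decode(hex_addr):
    """'0100007F:0050' -> ('127.0.0.1', 80). IPv4, little-endian host assumed."""
    ip_hex, port_hex = hex_addr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def encode(ip, port):
    """Inverse of decode(); used only to build the constructed sample below."""
    return "%08X:%04X" % (struct.unpack("<I", socket.inet_aton(ip))[0], port)

def half_open_by_port(table):
    """Map local port -> (half-open count, distinct remote IPs) for SYN_RECV rows."""
    count, sources = Counter(), defaultdict(set)
    for line in table.splitlines()[1:]:          # first line is the column header
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != SYN_RECV:
            continue
        port = decode(fields[1])[1]
        count[port] += 1
        sources[port].add(decode(fields[2])[0])
    return {p: (count[p], len(sources[p])) for p in count}

def suspect_ports(table, threshold):
    """Ports whose half-open count reaches the threshold (a tunable assumption)."""
    return sorted(p for p, (n, _) in half_open_by_port(table).items() if n >= threshold)

def row(i, local, remote, state):  # one table row; only the first four columns are used
    return "%4d: %s %s %02X" % (i, encode(*local), encode(*remote), state)

# Constructed sample: 6 handshakes stuck in SYN_RECV on port 80, each from a
# different documentation-range address, plus one listener on port 80 and one
# established connection on port 22 that must not be counted.
SAMPLE = "\n".join(
    ["  sl  local_address rem_address   st"]
    + [row(0, ("10.0.0.5", 80), ("0.0.0.0", 0), 0x0A)]
    + [row(1, ("10.0.0.5", 22), ("192.0.2.10", 50000), 0x01)]
    + [row(i + 2, ("10.0.0.5", 80), ("198.51.100.%d" % (i + 1), 40000 + i), SYN_RECV)
       for i in range(6)]
)

if __name__ == "__main__":
    print(half_open_by_port(SAMPLE))
    print(suspect_ports(SAMPLE, threshold=5))
```

A high half-open count spread across many distinct remote addresses, each appearing only once, is consistent with the spoofed sources described above; an alerting threshold should be set relative to the port's normal baseline.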
ISB (I'm So Bored) is a network stress-testing utility for Windows that demonstrates these attack methods. The tool includes TCP Flood capabilities for SYN flooding alongside other attack types such as HTTP, UDP, and ICMP floods and Slowloris.
This tool is for security testing. Use on systems you own or have explicit permission to test. Unauthorized use is illegal.