SYN Flooding Attack (Denial of Service)

Duration: 3 min

This video lesson is available to enrolled students.

Enroll to watch — ISRO Scientist/Engineer 'SC'

AI Summary

An AI-generated summary of this video lecture.

This educational video provides a detailed explanation of the SYN Flooding Attack, categorized under Denial of Service (DoS) attacks. The lecture outlines the mechanism where malicious attackers overwhelm a server by sending a high volume of TCP SYN segments. Crucially, these segments originate from faked source IP addresses, making the server believe they come from different legitimate clients. The server responds by allocating necessary resources, such as creating Transfer Control Block (TCB) tables and setting timers, to initiate the three-way handshake. However, because the clients are fake, the final ACK segment is never received, leaving the server with half-open connections. This process exhausts the server's capacity, preventing it from accepting requests from valid users.

Chapters

  1. 0:00 2:00 00:00-02:00

    The instructor begins by defining the attack using a slide titled SYN Flooding Attack(Denial of Service). Three bullet points explain the process: attackers send large numbers of SYN segments faking source IPs, the server allocates resources like TCB tables, and sends SYN+ACK segments to lost fake clients. A diagram visualizes this with an Attacker icon sending red arrows to a server. The server side shows a list of Open port Waiting for ACK entries, indicating pending connections. A Visitor icon attempts to connect but is blocked by a red X labeled Connections exhausted. The instructor explains that the server waits for the third leg of the handshake, keeping resources allocated without usage, effectively clogging the system.

  2. 2:00 3:02 02:00-03:02

    The lecture transitions to the consequences and a more detailed diagram. Text on the slide states that if the number of SYN segments is large, the server eventually runs out of resources and cannot accept valid clients. A new diagram appears showing an Attacker host sending SYN packets with spoofed source IP addresses to a Victim host. The victim host replies with SYN-ACK packets with spoofed destination IP addresses. A cylinder graphic illustrates The memory buffer in the victim host begins filling up. Below, ACK packets are crossed out with a large X, signifying the handshake failure. The instructor emphasizes that this resource exhaustion is the core of the Denial of Service attack.

The video effectively demonstrates how SYN flooding exploits the TCP three-way handshake. By spoofing source IPs, attackers force servers to maintain state for connections that will never complete. The visual progression from the initial attack mechanism to the resource exhaustion diagram clearly illustrates why this is a critical security vulnerability, leading to service unavailability for legitimate users.