Syn stands for "synchronization." It's an attempt to establish a TCP or border gateway protocol for a router connection from one device to another over the Internet.

Ack stands for "acknowledgement." It's the reply sent by the machine receiving the connection request to the originating machine.

A syn flood occurs when thousands of connection attempts for synchronization arrive from a fake (spoofed) IP address. The receiving server sends an acknowledgement and waits for a final ack packet to open the connection. That ack packet never arrives because the source IP was faked. The target server waits for a reply until the session times out. If enough of these sessions are initiated at the same time, it overwhelms the server and blocks legitimate connections from being established.

A distributed reflection denial-of-service attack is the inverse of a syn flood. Here, an attacker will broadcast the target's IP address to hundreds or thousands of inventoried Internet devices requesting a syn connection. The devices will respond to the target IP address with ack packets. Knowing that it didn't initiate a TCP connection, the target will likely drop the ack packets. Thinking their ack requests were lost in cyberspace, the devices will send another round of ack packets -- repeating up to four times and magnifying the effect of the flood.


Copyright © 2002 IDG Communications, Inc.

Bing’s AI chatbot came to work for me. I had to fire it.
Shop Tech Products at Amazon