Solved

syn dos vs. http dos

Posted on 2014-01-21
2
302 Views
Last Modified: 2014-02-08
Experts,

What's the difference between a syn dos and an http dos? Or is there not a difference and http dos is just a form of syn dos?
0
Comment
Question by:trojan81
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 400 total points
ID: 39799546
A SYN dos sends only SYN packets. To understand what that means, you need to understand how TCP works - essentially, for each TCP connection, there is an exchange like this:

C->S  <syn>
S->C <syn-ack>
C->S <ack>

a SYN dos attack sends only the syn, and ignores the reply. as the server creates a table entry in its TCP stack for each connection on receipt of the syn, this attack eats up all available table entries until no further clients can connect.

a http dos attack is different. each will perform a full handshake as above, request a page, and then on the same channel, request a page (again and again) - preferably a dynamic page so that the server has to work to calculate the page again and again, but a static will do.

as each http server can only handle a limited number of threads (either due to cpu/memory constraints or configuration) the repeated requests occupy all the server's capacity and it cannot accept or process any further client connections until the attacker's sessions complete - and as they are continually querying on the same connection, they *never* complete.

the downside (for an attacker) is that http attacks require a full tcp connection, hence cannot be sent from a faked address. SYN attacks, by contrast, can be sent from a faked address (or multiple faked addresses), and hence the responses go elsewhere (making it harder to trace the attacker, harder to block, and saving the attacker bandwidth issues from the responses to its queries)

the classic defense against SYN attacks is the SYNCOOKIE - many vendors (such as cisco) have their own reimplementations of this.
0
 

Author Closing Comment

by:trojan81
ID: 39844835
well said! thank you
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Liquid Web and Plesk discuss how to simplify server management with a single tool  in their webinar.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question