Solved

syn dos vs. http dos

Posted on 2014-01-21
2
300 Views
Last Modified: 2014-02-08
Experts,

What's the difference between a syn dos and an http dos? Or is there not a difference and http dos is just a form of syn dos?
0
Comment
Question by:trojan81
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 400 total points
ID: 39799546
A SYN dos sends only SYN packets. To understand what that means, you need to understand how TCP works - essentially, for each TCP connection, there is an exchange like this:

C->S  <syn>
S->C <syn-ack>
C->S <ack>

a SYN dos attack sends only the syn, and ignores the reply. as the server creates a table entry in its TCP stack for each connection on receipt of the syn, this attack eats up all available table entries until no further clients can connect.

a http dos attack is different. each will perform a full handshake as above, request a page, and then on the same channel, request a page (again and again) - preferably a dynamic page so that the server has to work to calculate the page again and again, but a static will do.

as each http server can only handle a limited number of threads (either due to cpu/memory constraints or configuration) the repeated requests occupy all the server's capacity and it cannot accept or process any further client connections until the attacker's sessions complete - and as they are continually querying on the same connection, they *never* complete.

the downside (for an attacker) is that http attacks require a full tcp connection, hence cannot be sent from a faked address. SYN attacks, by contrast, can be sent from a faked address (or multiple faked addresses), and hence the responses go elsewhere (making it harder to trace the attacker, harder to block, and saving the attacker bandwidth issues from the responses to its queries)

the classic defense against SYN attacks is the SYNCOOKIE - many vendors (such as cisco) have their own reimplementations of this.
0
 

Author Closing Comment

by:trojan81
ID: 39844835
well said! thank you
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question