Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

syn dos vs. http dos

Posted on 2014-01-21
2
298 Views
Last Modified: 2014-02-08
Experts,

What's the difference between a syn dos and an http dos? Or is there not a difference and http dos is just a form of syn dos?
0
Comment
Question by:trojan81
2 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 400 total points
ID: 39799546
A SYN dos sends only SYN packets. To understand what that means, you need to understand how TCP works - essentially, for each TCP connection, there is an exchange like this:

C->S  <syn>
S->C <syn-ack>
C->S <ack>

a SYN dos attack sends only the syn, and ignores the reply. as the server creates a table entry in its TCP stack for each connection on receipt of the syn, this attack eats up all available table entries until no further clients can connect.

a http dos attack is different. each will perform a full handshake as above, request a page, and then on the same channel, request a page (again and again) - preferably a dynamic page so that the server has to work to calculate the page again and again, but a static will do.

as each http server can only handle a limited number of threads (either due to cpu/memory constraints or configuration) the repeated requests occupy all the server's capacity and it cannot accept or process any further client connections until the attacker's sessions complete - and as they are continually querying on the same connection, they *never* complete.

the downside (for an attacker) is that http attacks require a full tcp connection, hence cannot be sent from a faked address. SYN attacks, by contrast, can be sent from a faked address (or multiple faked addresses), and hence the responses go elsewhere (making it harder to trace the attacker, harder to block, and saving the attacker bandwidth issues from the responses to its queries)

the classic defense against SYN attacks is the SYNCOOKIE - many vendors (such as cisco) have their own reimplementations of this.
0
 

Author Closing Comment

by:trojan81
ID: 39844835
well said! thank you
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How do we balance the user experience (UX) with reasonable security measures? It can be done, if you keep these fundamentals in mind.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question