syn dos vs. http dos

Experts,

What's the difference between a syn dos and an http dos? Or is there not a difference and http dos is just a form of syn dos?
trojan81 Asked:

Dave Howe, Software and Hardware Engineer, Commented:
A SYN DoS sends only SYN packets. To understand what that means, you need to understand how TCP works - essentially, for each TCP connection, there is an exchange like this:

C->S <syn>
S->C <syn-ack>
C->S <ack>

A SYN DoS attack sends only the SYN, and ignores the reply. As the server creates a table entry in its TCP stack for each connection on receipt of the SYN, this attack eats up all available table entries until no further clients can connect.

An HTTP DoS attack is different. Each will perform a full handshake as above, request a page, and then on the same channel, request a page (again and again) - preferably a dynamic page so that the server has to work to calculate the page again and again, but a static will do.

As each HTTP server can only handle a limited number of threads (either due to CPU/memory constraints or configuration), the repeated requests occupy all the server's capacity and it cannot accept or process any further client connections until the attacker's sessions complete - and as they are continually querying on the same connection, they *never* complete.

The downside (for an attacker) is that HTTP attacks require a full TCP connection, hence cannot be sent from a faked address. SYN attacks, by contrast, can be sent from a faked address (or multiple faked addresses), and hence the responses go elsewhere (making it harder to trace the attacker, harder to block, and saving the attacker bandwidth issues from the responses to its queries).

The classic defense against SYN attacks is the SYNCOOKIE - many vendors (such as Cisco) have their own reimplementations of this.
0
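An added example, not part of the original answer: a simplified Python model of the SYN cookie defense mentioned above, showing how a server can answer each <syn> without creating a table entry until a valid <ack> comes back. The bit layout (5-bit time slot, 3-bit MSS index, 24-bit keyed hash), the secret, the MSS table and all function names are assumptions for illustration and are not any vendor's or kernel's implementation.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-key"      # assumption: random per-server secret
MSS_TABLE = [536, 1300, 1440, 1460]   # assumption: MSS values the 3-bit field encodes
SLOT = 64                             # seconds per time slot (assumed)

def _mac24(conn, client_isn, counter, mss_idx):
    """24-bit keyed hash over the 4-tuple, client ISN, time slot and MSS index."""
    msg = "|".join(map(str, conn)).encode()
    msg += struct.pack("!IIB", client_isn, counter, mss_idx)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]

def make_cookie(conn, client_isn, mss, now):
    """On <syn>: compute the server ISN for the <syn-ack>. Nothing is stored."""
    counter = int(now) // SLOT
    mss_idx = max(i for i, m in enumerate(MSS_TABLE) if m <= mss or i == 0)
    mac = int.from_bytes(_mac24(conn, client_isn, counter, mss_idx), "big")
    return ((counter % 32) << 27) | (mss_idx << 24) | mac

def check_cookie(conn, client_isn, ack_num, now):
    """On <ack>: return the MSS if ack_num - 1 is a fresh cookie we issued, else None."""
    cookie = (ack_num - 1) & 0xFFFFFFFF
    t5, mss_idx, mac = cookie >> 27, (cookie >> 24) & 0x7, cookie & 0xFFFFFF
    if mss_idx >= len(MSS_TABLE):
        return None
    current = int(now) // SLOT
    for counter in (current, current - 1):      # current or previous slot only
        if counter >= 0 and counter % 32 == t5:
            expected = _mac24(conn, client_isn, counter, mss_idx)
            if hmac.compare_digest(expected, mac.to_bytes(3, "big")):
                return MSS_TABLE[mss_idx]
    return None

def demo(now=1_000_000):
    """Constructed traffic: 10,000 unanswered SYNs, then one client that completes."""
    table = {}                                   # entries exist only after a valid <ack>
    server = ("192.0.2.10", 80)
    for i in range(10_000):                      # replies to these go nowhere
        make_cookie((f"198.51.100.{i % 250}", 1024 + i) + server, i, 1460, now)
    legit = ("203.0.113.5", 40000) + server
    isn = make_cookie(legit, 12345, 1460, now)   # client echoes isn + 1 in its <ack>
    mss = check_cookie(legit, 12345, isn + 1, now + 2)
    if mss is not None:
        table[legit] = mss
    return table
```

Because the connection state is carried in the sequence number rather than in the table, the unanswered SYNs cost the server only a hash computation each. This does nothing against the HTTP case described above, where every connection completes the handshake.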

trojan81 (Author) Commented:
Well said! Thank you.
0

Question has a verified solution.
