TCP – Is SYN Flooding Still a Threat?


Well, recently I've been reading about different Denial of Service methods. One method that kind of stuck out was SYN flooding. I'm a member of some not-so-nice forums, and someone was selling a Python script that would DoS a server using SYN packets with a spoofed IP address.

However, if you sent a SYN packet to a server with a spoofed IP address, the target server would return the SYN/ACK packet to the host that was spoofed. In which case, wouldn't the spoofed host return an RST packet, thus negating the 75-second long wait, and ultimately failing in its attempt to DoS the server?

EDIT: And what if I'm not using SYN cookies?

Best Answer

Thanks to syncookies, the threat of SYN flooding is kind of minimal these days.

Basically, when a SYN packet is received, the server sends a cookie, and if the guest responds with the proper response, the connection is established.

SYN flooding used to cause issues because the servers had to keep the connections open, waiting for the rest of the handshake.
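The cookie exchange described in the answer above, as an added sketch that is not part of the original answer and is not any kernel's actual code. It assumes the classic layout (5-bit time counter, 3-bit MSS index, 24-bit keyed hash) with HMAC-SHA256 as the hash; the secret, MSS table and addresses are constructed for the demo. The server keeps no per-connection state until a valid final ACK arrives, so spoofed SYNs cost it no backlog memory.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-secret"  # constructed; a real stack uses a random per-boot key
MSS_TABLE = [536, 1300, 1440, 1460]  # assumption: index must fit in 3 bits
COUNTER_SECONDS = 64                 # the time counter ticks every 64 s

def _mac24(src, sport, dst, dport, t, client_isn):
    """24-bit keyed hash over the 4-tuple, time counter and client ISN."""
    msg = socket.inet_aton(src) + socket.inet_aton(dst)
    msg += struct.pack("!HHII", sport, dport, t, client_isn)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src, sport, dst, dport, client_isn, mss, now):
    """Server ISN to send in the SYN/ACK; nothing is stored for this SYN."""
    t = int(now) // COUNTER_SECONDS
    # Largest table entry not exceeding the client's MSS (index 0 as the floor).
    idx = max(i for i, m in enumerate(MSS_TABLE) if m <= mss or i == 0)
    return ((t % 32) << 27) | (idx << 24) | _mac24(src, sport, dst, dport, t, client_isn)

def check_ack(src, sport, dst, dport, seq, ack, now, max_age=1):
    """Return the MSS encoded in a valid cookie, or None if the ACK is rejected."""
    cookie = (ack - 1) & 0xFFFFFFFF      # the ACK acknowledges server ISN + 1
    client_isn = (seq - 1) & 0xFFFFFFFF  # the client's sequence advanced by 1
    t5, idx, mac = cookie >> 27, (cookie >> 24) & 7, cookie & 0xFFFFFF
    if idx >= len(MSS_TABLE):
        return None
    t_now = int(now) // COUNTER_SECONDS
    for t in range(t_now, max(t_now - max_age, 0) - 1, -1):
        if t % 32 != t5:
            continue  # cookie was not minted in this counter window
        expected = _mac24(src, sport, dst, dport, t, client_isn)
        if hmac.compare_digest(expected.to_bytes(3, "big"), mac.to_bytes(3, "big")):
            return MSS_TABLE[idx]  # only now would the server allocate state
    return None

if __name__ == "__main__":
    # Constructed handshake using documentation addresses.
    c = make_cookie("192.0.2.10", 40000, "198.51.100.5", 443, 1000, 1460, now=6400)
    print("valid ACK ->", check_ack("192.0.2.10", 40000, "198.51.100.5", 443, 1001, c + 1, now=6430))
    print("stale ACK ->", check_ack("192.0.2.10", 40000, "198.51.100.5", 443, 1001, c + 1, now=6400 + 192))
```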