What is the purpose of using random IP addresses in SYN Flood Attack?












asked 19 hours ago by Henok Tesfaye (edited 4 hours ago by Andy Lester)

3 Answers
A client opens a TCP connection by sending a SYN packet to a server. The server replies with a single SYN+ACK, and the client responds again with an ACK. Because of natural network latency, the server may wait a short time after sending SYN+ACK to the specified source address for an ACK reply, and this behavior is what a SYN flood exploits. Because the source address was spoofed, the reply will never come. If the server is waiting on enough fake connections that will never be completed, it will become unable to open any new connections, legitimate or not. This condition is called denial of service.

SYN flood attacks do not require the attacker receive a reply from the victim, so there is no need for the attacker to use its real source address. Spoofing the source address both improves anonymity by making it harder to track down the attacker, as well as making it more difficult for the victim to filter traffic based on IP. After all, if each packet used the same source address (whether spoofed or not), any decent firewall would quickly begin blocking all SYN packets from that address and the attack would fail.







answered 19 hours ago by forest (edited 17 hours ago)

SYN flood attack detects when there is an attack with the same IP address. So you will not have a successful attack. However, if you have a random IP address to attack, then it will not detect anything with the same IP address, so you will have a successful attack.







answered 11 hours ago by Michale Rezene

You double your traffic by not using your own IP. The response from the victim goes out to the IP you spoofed, who reply with a RST (subject to caveats).
Being unpredictable makes them harder to block.

They are often not completely random though. They are often chosen to be on the attacked network. Also, as the filters are not that smart, they often get away with only slightly shuffled IPs.







answered 14 hours ago by drjpizzle
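
Added example (not part of any answer above and not code from the original page): a defender-side replay of constructed handshake records that compares the per-source filter forest's answer describes with a count of half-open connections, for the single-source and varied-source cases both forest and drjpizzle discuss. The thresholds, function names and sample addresses are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter

PER_SOURCE_LIMIT = 20  # assumed: SYNs accepted from one source per window
BACKLOG_ALARM = 100    # assumed: half-open connections that trigger an alarm


def replay(events, per_source_limit=PER_SOURCE_LIMIT, backlog_alarm=BACKLOG_ALARM):
    """Replay (src_ip, src_port, kind) records seen by a server in one window.

    kind is "SYN" (opens a half-open entry) or "ACK" (final handshake ACK,
    which completes and removes that entry).
    """
    syn_seen = Counter()
    half_open = set()
    dropped = 0
    for src, port, kind in events:
        if kind == "SYN":
            syn_seen[src] += 1
            if syn_seen[src] > per_source_limit:
                dropped += 1          # per-source filter drops this SYN
                continue
            half_open.add((src, port))
        elif kind == "ACK":
            half_open.discard((src, port))
    return {
        "sources": len(syn_seen),
        "dropped_by_source_filter": dropped,
        "half_open": len(half_open),
        "backlog_alarm": len(half_open) > backlog_alarm,
    }


def legitimate_clients(n=30):
    """Constructed sample: n clients that each complete the handshake."""
    events = []
    for i in range(n):
        src = f"192.0.2.{i + 1}"
        events += [(src, 50000 + i, "SYN"), (src, 50000 + i, "ACK")]
    return events


def unanswered_syns(n=500, vary_source=False):
    """Constructed sample: n SYNs whose handshakes are never completed."""
    base = ipaddress.IPv4Address("198.18.0.1")  # benchmarking range, RFC 2544
    return [(str(base + (i if vary_source else 0)), 1024 + i, "SYN")
            for i in range(n)]


def single_source_case():
    return replay(legitimate_clients() + unanswered_syns(vary_source=False))


def varied_source_case():
    return replay(legitimate_clients() + unanswered_syns(vary_source=True))


if __name__ == "__main__":
    print("single source:", single_source_case())
    print("varied source:", varied_source_case())
```

The per-source counter contains the single-source case but never fires when every SYN carries a different address; the half-open count does not depend on the source address, so it flags that case.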
