Internet illiterate

Jan 21, 1999
OK I have to ask. What is SYN Flooding? And how do I do it to some one else?

sorry for the boring answer, but welcome to the wonderful world of TCP/IP

A SYN flood is an exploit of the TCP/IP protocol (redundant, I know), which you use when you are online.

A TCP connection makes a 3-way handshake. The connecting host sends a SYN packet to the receiving host. The receiving host sends a SYN/ACK packet back. The connecting host responds with an ACK to establish the connection.

In a SYN flood, the connecting host sends several SYN requests to the receiver, but when the receiver sends back the SYN/ACK packet, the connecting host doesn't respond with a final ACK.

Essentially, you open up a bunch of connections on a machine, filling up its buffer until it can no longer properly process requests.

I believe ISS has software that minimizes this problem. It's called 'RealSecure' or something like that.

There are lots of scripts out there for doing such a thing, so I'm not going to tell you how to do it. I believe Phrack magazine made it popular knowledge.

Obligatory knife banter: What knife would you use to skin a person who SYN floods your favorite web site and brings it down? Would you use a variety of knives for different tasks, or would you just lop off limbs with a Battle Mistress or a Kukhri?

Or are firearms more suitable for such a task?

[This message has been edited by TomMarker (edited 16 June 1999).]
Tom, thanks for the answer. I think that skinning might be better but Doc Welch is the one to ask. I would guess that multiple amputations would cause so much shock and blood loss that our subject would expire much too quickly. And shooting is too kind.

I say beat 'em to death with a beach ball. This is the slowest, most painful form of death imaginable, aside from simply being alive.

David Rock

PS: Think of it as humor.

[This message has been edited by David Rock (edited 16 June 1999).]

Everything reminds me of the new Austin Powers movie now! I have this mental playback of Dr. Evil hitting Number 2 in the head with the giant globe-ball.

"what, are you going to cry now?"

To expand on what Tom said:

TCP/IP is actually a suite of protocols (maybe two dozen, some active, some retired, some experimental, etc.) that is named for its two most used protocols. The Transmission Control Protocol (TCP) establishes a connection between two machines before data is transferred, a virtual circuit if you will, much like when you pick up the phone and call one of your friends. Think of the first SYN packet as the phone ringing. When it is answered ("Hello?"), that's the SYN/ACK packet. When you respond, that's the ACK to establish the connection ("Good afternoon, may I speak with Mr. O'Reilly?") and everything gets underway. Think of the SYN flood as someone (or a bunch of someones) who keep calling (SYN) the receptionist and not saying anything after she says hello (SYN/ACK). She has to wait for a few beats to make sure she's not hanging up on someone real (ACK?), meanwhile the phone is ringing off the hook with what might be either prank or legitimate callers (SYN! SYN! SYN!). The receptionist is soon rendered impotent and chaos ensues.

As for doing it yourself: Companies pay a lot of money to people like me to hunt the Bad Guys down. If you don't have the background and really know what you're doing, the chances are you're going to get caught. If you get caught Bad Things could happen to you.

This is a job for something very slow and very painful.

If a mound of fire ants and a jar of honey are not available, I'd use a box cutter and just keep slashing 'til they're dead. Anything else would be showing mercy.

Man you guys are lightweights at torture. My idea involves a 1" PVC pipe, barbed wire, very little vaseline and a match

Best Regards,
Mike Turber
BladeForums Site Owner and Administrator
Do it! Do it right! Do it right NOW!

Remind me not to tick you guys off. Also, has anyone seen the scene in The Mummy where the mummy is being mummified alive with the scarab beetles? That would be a start on the proper punishment to someone who crashed my favorite website.

Just because I talk to myself doesn't mean I'm crazy. What's wrong with getting a second opinion?
Diehard battery and nipple clamps...
nuff said..

In all seriousness though, people pulling denial of service attacks is only going to get worse before it gets better. There are so many people out there who really don't know what they're doing, but have a script that will do it all for them. They don't even have to know what TCP/IP stands for to bring it down

Makes me hate my job as an admin sometimes...
I say the appropriate torture would be to place the syn-flooder in a room with adequate water and air supply, a cooking pot and burner and a Spydie Military, then brick up the doors and windows.

Think about it. (Hypothetically, of course...)

A mind all logic is like a knife all blade. It makes bleed the hand that uses it.
-Rabindranath Tagore

The more I think about it, the more I have to agree with myself.

The SYN flooding attack is basically a lot of little slashes, any one of which would do virtually no harm, but which, together, cause a systematic collapse. A few thousand little slashes with a box cutter would be the same thing.

I don't see why a SYN flood would crash the web server though, it is more of a DoS attack than an attack that crashes things. Theoretically the listen queue should just get full and then the server starts refusing connections. Any ideas why it crashed?

Forgot to add, since you're running a Linux box, if you want to stop SYN flooding, enable "TCP syncookie support" and recompile the kernel. It violates the TCP RFC but I haven't encountered any problems.


[This message has been edited by Uranium (edited 20 June 1999).]
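
The two points in the post above (a full listen queue refuses new connections until half-open entries time out; SYN cookies avoid holding that state) as an in-memory model, added here as an example and not code from the thread or from the Linux kernel. The backlog of 128, the 75-second timeout, the 64-second cookie slot, the HMAC construction and the documentation-range addresses are assumptions; real kernel cookies also encode the MSS.

```python
import hashlib
import hmac
import os

SECRET = os.urandom(16)  # per-boot server key (constructed for this sketch)
MASK = 0xFFFFFFFF

class BacklogListener:
    """Classic listener: each SYN holds a queue slot until its ACK or a timeout."""
    def __init__(self, backlog=128, timeout=75):
        self.backlog, self.timeout, self.half_open = backlog, timeout, {}

    def on_syn(self, src, sport, now):
        # Drop half-open entries whose handshake timer has expired.
        self.half_open = {k: t for k, t in self.half_open.items()
                          if now - t < self.timeout}
        if len(self.half_open) >= self.backlog:
            return False                      # queue full: SYN is dropped
        self.half_open[(src, sport)] = now
        return True

    def on_ack(self, src, sport):
        return self.half_open.pop((src, sport), None) is not None

def cookie(src, sport, client_isn, slot):
    """Server ISN derived from the connection tuple, so no state is stored."""
    msg = f"{src}:{sport}:{client_isn}:{slot}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")

def cookie_ack_ok(src, sport, client_isn, ack, now):
    # The final ACK must acknowledge cookie+1; accept the current or previous slot.
    slot = now // 64
    return any((ack - 1) & MASK == cookie(src, sport, client_isn, s)
               for s in (slot, slot - 1))

def simulate(flood_syns=1000):
    """Return (legit accepted during flood, after timeout, via cookies)."""
    srv = BacklogListener()
    for i in range(flood_syns):               # modelled SYNs that are never ACKed
        srv.on_syn(f"198.51.100.{i % 254 + 1}", 1024 + i, now=0)
    during = srv.on_syn("192.0.2.10", 40000, now=1)
    after = srv.on_syn("192.0.2.10", 40000, now=76)
    isn = cookie("192.0.2.10", 40000, 12345, 1 // 64)   # sent in the SYN/ACK
    via_cookie = cookie_ack_ok("192.0.2.10", 40000, 12345, (isn + 1) & MASK, now=2)
    return during, after, via_cookie
```

With the queue model the legitimate client is refused while the half-open entries are live and accepted once they expire; with cookies the handshake completes regardless of how many unanswered SYNs arrived, because nothing was queued.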
Uranium, please contact me offline about this, I have some questions to ask you.


Kevin Jon Schlossberg
SysOp and Administrator for

Insert witty quip here