SYN Flooding DOS Attack



User avatar

Sr. Member
Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Fri Jul 07, 2006 12:55 pm

SYN Flooding DOS Attack

Hi Friends,

I am posting more questions that I have faced during my course. Please discuss the same. The next question is:

What TCP/IP Vulnerability does the SYN Flooding DOS Attack exploit?

1. There is no limit to the number of connections possible on a host.
2. Connection Establishment is a very cumbersome process.
3. There are an unlimited number of IP addresses possible.
4. The target computer has limited bandwidth.
5. TCP/IP cannot handle SYN data packets.


The Morpheus
Last edited by morpheus063 on Mon Sep 25, 2006 10:11 pm, edited 1 time in total.
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n


User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Fri Jul 07, 2006 1:59 pm

Re: SYN Flooding DOS Attack - AFCEH Question

What do you think the answer is?
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!


User avatar

Sr. Member
Sr. Member

Posts: 299

Joined: Sat Sep 10, 2005 5:45 pm

Location: /dev/null

Post Fri Jul 07, 2006 3:05 pm

Re: SYN Flooding DOS Attack - AFCEH Question

Dengar is right. We aren't here to do your homework for you. If you're going to post questions you may at the very least post which answer you think is corect and why. I'm sure that the members here will be more than obliging in correcting you if you make a mistake.

BTW, I'd go for answer no. 2. This question is very easy and deals with basic understanding of TCP/IP. If you don't feel comfortable with the study material perhaps you should defer your exam until you've done some revision.

There are 10 kinds of people, those that understand binary, and those that don't.


Jr. Member
Jr. Member

Posts: 73

Joined: Mon Nov 07, 2005 12:23 pm

Post Sat Jul 08, 2006 4:34 am

Re: SYN Flooding DOS Attack - AFCEH Question

The only answer which would make at least a bit sense is 4. - DOS attacks always deals with limited resources but SynFlooding is not really using bandwith but the limited capability of a host to handle connections.

I would say all these answers are a bit odd...
MCSA:Security (W2k, W2k3)
MCSE:Security (W2k, W2k3)
CPTS, Network+


Post Sun Jul 30, 2006 9:51 pm

Re: SYN Flooding DOS Attack - AFCEH Question

either 2 or 4, i would probably choose 2 since a SYN Flood has nothing to do with a host's bandwidth per say but is an attack on the OS to keep up with the SYN requests  and the ACK's back.  but i could see 4 being an option that could be considered correct depending on how you look at it.

crappyily worded question either way



Posts: 28

Joined: Thu Feb 23, 2006 4:21 pm

Post Mon Jul 31, 2006 2:01 pm

Re: SYN Flooding DOS Attack - AFCEH Question

It is poorly written but that's common to a lot of testing questions. CISSP comes to mind. =)

Are they saying it's a vulnerability in the TCP/IP standard or how different OSes implement it in their stacks? An arguement could be made that the answer is 1. Being the standard doesn't limit the number of connections that can be attempted to a host, this allows for SYN packets to overload the stack.


User avatar


Posts: 237

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Mon Jul 31, 2006 2:14 pm

Re: SYN Flooding DOS Attack - AFCEH Question

I would have to say the answer is 4.

The TCP connection process isn't cumbersome SYN/SYNACK/ACK, thats it. Yeah its not a simple as UDP, but really its not "cumbersome" for an enduser in anyway.

Question 4 states bandwidth, however doesn't specifically say network bandwidth. While not completely generic you could interpret that in several ways. In the broadest sense, a given computer only has enough bandwidth to support so many half open connections before it can't take anymore. I would also tend to believe that network bandwidth is directly relevant, as an attacking computer with huge pipe, will overwhelm a target machine with smaller pipe very easily, even though it doesn't take that many packets to create a SYN flood condition.

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 3 guests

Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software