RS_MCP wrote: »
Can someone explain to me what a SYN attack is?
On my firewall in ASDM, it is showing me "Top 10 protected servers under SYN attack" what exactly does this mean?
instant000 wrote: »
SYN attack takes advantage of the TCP handshake.
When a system runs TCP, it interprets the receipt of a SYN as the beginning of a communication, so it will, then respond with a SYN/ACK, and thus form a half-open TCP connection. It is, of course expecting the other station to respond with an ACK, and thus complete the handshake, and then begin passing data.
The half-open session will timeout eventually, but until that occurs, one of the available TCP sessions on the system will be occupied.
The key problem is that the SYN attack isn't designed to form actual TCP connections, but just making a bunch of half-open connections (thousands of them), which can basically cause a denial-of-service type condition, and can really wreck up some equipment that can't handle it.
It's a protocol exploit, basically.
As the prior poster said, you would be well served to research up a bit on this one, as an insecure network won't do you much good.
EDIT: Consider the Security+. You might laugh at its being entry-level, but I do recall that it covered common network attacks.
Hope this helps.