Why SYN Flood attack works

• Victim can’t respond with SYN-ACK

• Victim demuxes the packet and stores information in memory via socket{}, inpcb{}, tcpcb{}

• Increasing backlog queue helps minimally since it holds incoming and pending connection requests

• Client remains in SYN_RCVD state until connection timer expires and memory allocated to buffers is destroyed

Previous slide

Next slide

Back to first slide

View graphic version