SYN flood denial of service attack can crash machines or degrade performance

Risk Level: Medium

Check or Attack Name: syncstorm

Platforms: Any, Windows NT: 3.5.1, Windows NT: 4.0, Windows NT: 4.0 SP1

Description:

SYN flooding is an attack that sends numerous connection requests to a server and never completes the handshake. On some systems, every such request is recorded as a new connection until the buffer space for new connections is depleted, which results in a denial of service for clients trying to make legitimate connections.
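A defender's check for the condition described above, as an added example that is not part of the original advisory: it counts half-open TCP connections per local port in `netstat -n` output and flags ports at or above a threshold. The sample output, the function names and the threshold of 5 are assumptions made for illustration.

```python
from collections import Counter

# Windows netstat prints SYN_RECEIVED; Linux net-tools netstat prints SYN_RECV.
HALF_OPEN_STATES = {"SYN_RECEIVED", "SYN_RECV"}

# Constructed sample in `netstat -n -p tcp` layout (documentation addresses, not real data).
SAMPLE = "\n".join(
    ["  Proto  Local Address      Foreign Address      State",
     "  TCP    192.0.2.10:80      198.51.100.7:1042    ESTABLISHED",
     "  TCP    192.0.2.10:25      198.51.100.9:2210    SYN_RECEIVED"]
    + [f"  TCP    192.0.2.10:80      203.0.113.{i}:{3000 + i}    SYN_RECEIVED"
       for i in range(1, 9)]
)


def half_open_by_port(netstat_text):
    """Return (count per local port, remote hosts per local port) for half-open entries."""
    counts, sources = Counter(), {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers and non-TCP rows; state is the last column when no PID column is shown.
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        local, foreign, state = fields[-3], fields[-2], fields[-1]
        port = local.rsplit(":", 1)[-1]
        if state.upper() not in HALF_OPEN_STATES or not port.isdigit():
            continue
        counts[int(port)] += 1
        sources.setdefault(int(port), set()).add(foreign.rsplit(":", 1)[0])
    return counts, sources


def flag_syn_backlog(netstat_text, threshold=5):
    """Ports whose half-open count is at or above the (assumed) threshold."""
    counts, sources = half_open_by_port(netstat_text)
    return {port: {"half_open": n, "distinct_sources": len(sources[port])}
            for port, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for port, info in sorted(flag_syn_backlog(SAMPLE).items()):
        print(f"port {port}: {info['half_open']} half-open connections "
              f"from {info['distinct_sources']} sources")
```

A high half-open count spread over many sources that never reach ESTABLISHED is the pattern to look for; pick the threshold from the listener's normal baseline.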

Remedy:

Most modern releases of operating systems contain fixes for SYN-based flooding attacks and users should contact their vendor for further information. Windows NT users should upgrade to at least SP2 or install the synattack post-SP1 hotfix to remedy this vulnerability.

References:

IBM Emergency Response Service Security Vulnerability Alert ERS-SVA-E01-1996:006.1, Newly Available Patches for IBM AIX(r) Address `SYN Flood' and `Ping o' Death' Vulnerabilities, http://www-1.ibm.com/services/brs/brspwhub.nsf/advisories

Microsoft Knowledge Base Article Q142641, Internet Server Unavailable Because of Malicious SYN Attacks, http://support.microsoft.com/support/kb/articles/q142/6/41.asp

CERT Advisory CA-96.21, TCP SYN Flooding and IP Spoofing Attacks, http://www.cert.org/advisories/CA-96.21.tcp_syn_flooding.html

Silicon Graphics Inc. Security Advisory 19960901-01-A, TCP SYN Denial of Service Attack, ftp://sgigate.sgi.com/security/19960901-01-A

Silicon Graphics Inc. Security Advisory 19961202-01-PX, TCP SYN and Ping Denial of Service Attacks, ftp://sgigate.sgi.com/security/19961202-01-PX

Sun Microsystems, Inc. Security Bulletin #00136, TCP-based "SYN flood" denial-of-service attack, http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/136&type=0&nav=sec.sba

