search

tevino / tcp-shaker

:heartbeat: Perform TCP handshake without ACK in Go, useful for health check, that is SYN, SYN-ACK, RST.
MIT License
413 stars 56 forks source link

Does preventing the final ACK not cause SYN flood? #14

Closed damien-roche closed 5 years ago

damien-roche commented 5 years ago

https://www.incapsula.com/ddos/attack-glossary/syn-flood.html

In a SYN flood attack, the attacker sends repeated SYN packets to every port on the targeted server, often using a fake IP address. The server, unaware of the attack, receives multiple, apparently legitimate requests to establish communication. It responds to each attempt with a SYN-ACK packet from each open port.

The malicious client either does not send the expected ACK, or—if the IP address is spoofed—never receives the SYN-ACK in the first place. Either way, the server under attack will wait for acknowledgement of its SYN-ACK packet for some time.

Apologies to raise as an issue. I'm currently building a health checker + latency tracker. Unsure if this lib would cause issues by leaving servers waiting for the final ack.

tevino commented 5 years ago

@damien-roche This lib sends RST at the end, so the server on the other side won't be left waiting for the final ACK, thus no SYN flood made.

damien-roche commented 5 years ago

Good to know, thanks!