Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| en:dpi:dpi_options:opt_ddos:ddos_dos:ddos_dos_synflood [2020/04/21 14:02] – lexx26 | en:dpi:dpi_options:opt_ddos:ddos_dos:ddos_dos_synflood [2024/09/26 15:29] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== | + | ====== Protection against SYN flood attack ====== |
| {{indexmenu_n> | {{indexmenu_n> | ||
| + | |||
| + | <note tip>The service can be configured through the GUI. [[dpi: | ||
| + | |||
| SYN flood attack leads to lack of resources on its target system. Indeed, for each SYN packet the system has to allocate some memory resources, or to look up sessions lists, or to generate the specific SYN+ACK reply. The latest contains cryptographic cookie. This requires significant CPU resources. In all cases denial of service happens at incoming rate of SYN packets from 100,000 to 500,000 per second. Note that even 1Gb/s channel allows a hacker to send up to 1.5 million packets per second to the target site. | SYN flood attack leads to lack of resources on its target system. Indeed, for each SYN packet the system has to allocate some memory resources, or to look up sessions lists, or to generate the specific SYN+ACK reply. The latest contains cryptographic cookie. This requires significant CPU resources. In all cases denial of service happens at incoming rate of SYN packets from 100,000 to 500,000 per second. Note that even 1Gb/s channel allows a hacker to send up to 1.5 million packets per second to the target site. | ||