We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Security

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

What Are SYN Cookies?

By G. Wiesen
Updated: May 16, 2024
Views: 12,383
References
Share

SYN cookies are a method by which server administrators can prevent a form of denial of service (DoS) attack against a server through a method known as SYN flooding. This type of attack utilizes the process by which a connection between a client and host is established, known as a three-way handshake, to cause the host to have an excessive number of client requests, freezing or crashing the system. Such attacks have largely become outdated, however, through methods such as the use of SYN cookies that circumvent them. These cookies do not present a security threat or risk to either the host or clients and do not cause connectivity issues or problems.

The way in which SYN cookies function is built on the basic way by which many servers and users, or host and client systems, connect to each other. This process is known as a three-way handshake and begins when the client system sends a request to connect to the host system. The request is called a synchronize message or SYN and is received by the host system. This host system then acknowledges that the SYN has been received by sending an acknowledgement, or SYN-ACK message, back to the client.

Once the client system receives this SYN-ACK message, then a final ACK message is sent back by the client to the host. When the host system receives this final ACK, then it allows the client to access the system and can then receive additional SYN requests from other clients. Most host servers have a fairly small queue for SYN requests, usually only eight at any one time.

The form of DoS attack known as SYN flooding uses this to overwhelm a host system. This is done by sending a SYN message, to which a SYN-ACK is sent by the host in response, but the final ACK message is not sent by the client, keeping a position in the queue open. If this is done properly during a SYN flood attack, the entire queue becomes occupied by these unanswered requests and is unable to accept new requests from legitimate clients.

SYN cookies help circumvent this type of attack by allowing a host to act as though it has a larger queue than it truly has. In case of a SYN flood attack, the host can use SYN cookies to send a SYN-ACK to a client, but it eliminates the SYN entry for that client. This basically allows the host to function as though no SYN was ever received.

Once this SYN-ACK with SYN cookies is received by the client, however, the corresponding ACK sent back to the host includes data regarding the original SYN-ACK. The host can then use this ACK and the included SYN cookies to reconstruct the original SYN-ACK and the appropriate entry for that original request. Once this is done, the client can be allowed to connect to the host, but the entire process effectively circumvented the queue that may otherwise be occupied by a SYN flood attack.

Share
EasyTechJunkie is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
Link to Sources
Discussion Comments
Share
https://www.easytechjunkie.com/what-are-syn-cookies.htm
Copy this link
EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.

EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.