SYN Storm contents.gifindex.gif

SYN Storm

The scanner achieves a temporary denial of service attack by establishing a large number of TCP connections to the target firewall. When enough connections are achieved through the sync storm, the firewall becomes temporarily unusable by outside clients. The scanner floods a port with SYN packets. Since each SYN forces the target to allocate a buffer for that session, with enough buffers, depending on the vendor, the port can become busied-out and hence unavailable to anyone else.

Risk: Low

Fix: Contact your vendor for a patch.