Why ACK flood is effective?



  • I understand that SYN flood is effective due to how protocol works, waiting around 75 seconds before closing the connection.

    What about ACK flood, what does it happen on the destination side that makes this attack effective (hypothetically) ?



  • what does it happen on the destination side that makes this attack effective (hypothetically) ?

    A SYN flood is effective since each new SYN marks the beginning of a potential new connection and thus the system will allocate a new state (i.e. memory) and send a SYN+ACK back.

    An ACK which does not match an existing connection and its state though will simply be discarded. No new memory need to be allocated for this, no data will be sent back. It still takes some time to process and it consumes bandwith, but that's it. This means an ACK attack is not very effective compared to a SYN attack.



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2