 - SYN scanning is a tactic that a malicious hacker (or cracker) can use to determine the state of a communications port without establishing a full connection. This approach, one of the oldest in the repertoire of crackers, is sometimes used to perform denial-of-service (DOS) attacks. SYN scanning is also known as half-open scanning.
In SYN scanning, the hostile client attempts to set up a TCP/IP
connection with a server at every possible port. This is done by sending a
SYN (synchronization) packet, as if to initiate a three-way handshake, to
every port on the server. If the server responds with a SYN/ACK
(synchronization acknowledged) packet from a particular port, it means the
port is open. Then the hostile client sends an RST (reset) packet. As a
result, the server assumes that there has been a communications error, and
that the client has decided not to establish a connection. The open
port nevertheless remains open and vulnerable to exploitation. If the server
responds with an RST (reset) packet from a particular port, it indicates
that the port is closed and cannot be exploited.
By continuously sending large numbers of SYN packets to a server, a
cracker can consume the resources of the server. Because the server is
flooded with requests from the hostile client, few or no communications from
legitimate clients can take place.
| LAST UPDATED: |
16 Apr 2007
|
 |
Read more about SYN scanning:
|
|
Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com
|
|
