How to stop SYN FLOOD attacks?

Question:

anonymous

2007-06-08 08:23:04 UTC

A few weeks ago I got my first router (had been using a basic modem before that) and on 5 occasions now my connection has stopped working thanks to a SYN FLOOD attack. My internet becomes unusable and the only way to get it working again is to restart the router, according to the logs the SYN FLOODs are happening every few seconds. According to everything I have read online SYN FLOODs are really old and basic attacks that any half decent router should prevent against by default.

The router I have is a Belkin ADSL Wireless G Router - F5D7632-4

Please can someone help me to stop these attacks & remember this is my first router so I am not too up on technical terms and whatnot.

Thanks

Four answers:

anonymous

2007-06-11 22:18:38 UTC

You're right, a SYN FLOOD is as old as the hills...

If a firewall can detect a SYN FLOOD, normally it's reported with the source IP address so you know which direction it's coming from... the Internet or a LAN host. If it's coming from a LAN host (ie not facing the Interent), then you need to take steps to track down which machine and which application is causing the problem. If it's coming from the Internet, then you maybe need to find a way of blocking the IP address or talking to your ISP asking them to block the traffic before it gets to you.

In a nutshell, a SYN FLOOD is a large number of half-open connection attempts. Normally computers will re-try a few times if a connection is poor but a SYN FLOOD has no intention of creating a connection, it just wants to keep your router so busy trying to respond to connection requests your router will stop servicing legitimate traffic.

Note that this can also happen due to poor network connectivity and application design, you're not necessarily subject to an intentional attack.

Audrey

2016-03-19 06:38:27 UTC

It means, that when I send the remote host a syn, when the remote machine receives the syn, it allocates a bit of RAM. After the timeout it reallocates it. Now, here is where the flood comes in. If I send 40 million syn requests to that remote host, it's going to allocate a hell of a lot of ram for those requests. After so long, it's going to eat up all of the ram.

rmelnik@sbcglobal.net

2007-06-08 18:56:59 UTC

May want to see if dd wrt or a something like it is available for your router ie a 3rd party firmware. They run on a linux platform and will handle such attacks much more efficient.

MLM

2007-06-08 08:35:53 UTC

You should go to Belkin Support at http://www.belkin.com/support/ but in the interim, this might be of use to you

http://www.iss.net/security_center/advice/Exploits/TCP/SYN_flood/default.htm

ⓘ

This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.

about - legalese