This technique attacks a host in such a way that it can no longer serve requests from users. Eventually, the server crashes, resulting in a server-unavailable condition.
There are various attack techniques in this category. We will cover SYN flood and ICMP flood detection with the help of Wireshark.
We learned about the TCP handshake process in Chapter 3, Analyzing the TCP Network. In this handshake process, a connection is established with SYN, SYN-ACK, and ACK between the client and server.
In a SYN flood attack scenario, one of the following is happening:
The client sends SYN packets at a very high rate; it receives the SYN-ACK but doesn't respond with the final ACK
Alternatively, the client sends SYN packets at a very high rate and blocks the SYN-ACK from the server, or it sends them from a spoofed IP address so the SYN-ACK is sent to an unknown host that effectively doesn't exist
In all these scenarios, the TCP/IP stack file descriptors are...
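All of the SYN flood scenarios listed above leave the same trace in a capture: handshakes that never receive the final ACK. The following added example (not from the original text) counts such half-open handshakes per server over constructed packet records; the record layout, the documentation-range addresses and the threshold are assumptions made for illustration.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits

def half_open_by_server(packets):
    """Return {(server_ip, server_port): handshakes that never got the final ACK}.

    Each packet is (src_ip, src_port, dst_ip, dst_port, flags).
    """
    state = {}  # (client_ip, client_port, server_ip, server_port) -> stage
    for src, sport, dst, dport, flags in packets:
        syn, ack = bool(flags & SYN), bool(flags & ACK)
        if syn and not ack:
            # Initial SYN; setdefault keeps retransmissions from being recounted.
            state.setdefault((src, sport, dst, dport), "SYN")
        elif syn and ack:
            key = (dst, dport, src, sport)  # reply travels server -> client
            if state.get(key) == "SYN":
                state[key] = "SYN-ACK"
        elif ack:
            key = (src, sport, dst, dport)
            if state.get(key) == "SYN-ACK":
                state[key] = "DONE"  # three-way handshake completed
    pending = defaultdict(int)
    for (_, _, server, port), stage in state.items():
        if stage != "DONE":
            pending[(server, port)] += 1
    return dict(pending)

def flooded_servers(packets, threshold):
    """Servers whose half-open count reaches the (assumed) alert threshold."""
    counts = half_open_by_server(packets)
    return sorted(s for s, n in counts.items() if n >= threshold)

def sample_capture():
    """Constructed capture: one normal handshake plus 20 unanswered SYN-ACKs."""
    server = ("203.0.113.5", 80)
    pkts = [("192.0.2.10", 40000, *server, SYN),
            (*server, "192.0.2.10", 40000, SYN | ACK),
            ("192.0.2.10", 40000, *server, ACK)]
    for i in range(1, 21):
        client = (f"198.51.100.{i}", 50000 + i)
        pkts.append((*client, *server, SYN))
        pkts.append((*server, *client, SYN | ACK))
    return pkts

if __name__ == "__main__":
    print(half_open_by_server(sample_capture()))
```

In Wireshark itself, the display filter `tcp.flags.syn == 1 && tcp.flags.ack == 0` isolates the initial SYN packets that this script starts tracking from.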