TCP and UDP are the transport protocols found at OSI Layer 4—transport. We've learned about them in more detail in Chapter 1, with TCP being more complex than UDP because it's a connection-oriented protocol that has a flow-control mechanism (windowing), while UDP is simple and connectionless, and with no flow-control implemented in the protocol.
Being a connection-oriented protocol, a TCP connection is established using a three-way handshake as described in Chapter 1. An attacker can exploit this property of the protocol by sending a very large number of SYN packets without regarding the SYNACK the attacked host sends back. This type of attack is called TCP SYN attack or SYN flooding .
SYN flooding can be successful as the attacked computer keeps track of partially opened connections for minimum 75 seconds in a "listen queue". The queue is limited on various TCP implementations; therefore a SYN flood can fill it up, causing the machine to reboot or to...