The DOS attack

This technique is used to attack the host in such a way that the host won't be able to serve any further requests to the user. Finally, the server crashes, resulting in a server unavailable condition.

There are various attack techniques used in this topic. We will cover SYN flood and ICMP flood detection with the help of Wireshark.

SYN flood

We learned about the TCP handshake process in Chapter 3, Analyzing the TCP Network. In this handshake process, a connection is established with SYN, SYN-ACK, and ACK between the client and server.

In the SYN flood attack scenario, what is happening is that:

The client is sending very fast SYN; it has received the SYN-ACK but doesn't respond with the final ACK
Alternatively, the client is sending very ...

Get Packet Analysis with Wireshark now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Packet Analysis with Wireshark by Anish Nath

The DOS attack

SYN flood

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly