The DoS attack

A denial-of-service (DoS) attack targets a host in such a way that it can no longer serve requests from users. Eventually, the server crashes, resulting in a server-unavailable condition.

There are various DoS attack techniques. We will cover SYN flood and ICMP flood detection with the help of Wireshark.

SYN flood

We learned about the TCP handshake process in Chapter 3, Analyzing the TCP Network. In this handshake process, a connection is established with SYN, SYN-ACK, and ACK between the client and server.

In a SYN flood attack scenario, one of the following is happening:

  • The client sends SYN packets very rapidly; it receives the SYN-ACK but doesn't respond with the final ACK
  • Alternatively, the client is sending very ...
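
As an added example, not from the book, the following Python applies the first bullet as detection logic: it tracks each handshake opened with a SYN and reports sources that leave many of them without the final ACK inside a short time window. The packet tuples, the documentation-range addresses, the function names and the thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed capture: (time_s, src, sport, dst, dport, flags)."""
    srv = ("192.0.2.10", 80)
    good, bad = "198.51.100.5", "203.0.113.66"
    # A normal client that completes SYN, SYN-ACK, ACK
    pkts = [(0.00, good, 40000, *srv, "S"),
            (0.01, *srv, good, 40000, "SA"),
            (0.02, good, 40000, *srv, "A")]
    # A source that sends 200 SYNs in one second and never sends the ACK
    for i in range(200):
        t = i * 0.005
        pkts.append((t, bad, 1024 + i, *srv, "S"))
        pkts.append((t + 0.001, *srv, bad, 1024 + i, "SA"))
    return sorted(pkts)

def find_syn_flooders(packets, window=1.0, min_half_open=100):
    """Return {src_ip: peak count of never-completed SYNs within `window` s}."""
    pending = {}  # (client, cport, server, sport) -> time of first SYN
    for t, src, sport, dst, dport, flags in packets:
        if flags == "S":
            pending.setdefault((src, sport, dst, dport), t)
        elif flags == "A":
            # Final ACK from the client: the handshake completed
            pending.pop((src, sport, dst, dport), None)
    # Group the SYN times of handshakes that stayed half-open by source
    by_src = defaultdict(list)
    for (src, _, _, _), t in pending.items():
        by_src[src].append(t)
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        lo = peak = 0
        for hi, t in enumerate(times):   # sliding window over SYN times
            while t - times[lo] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= min_half_open:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    print(find_syn_flooders(build_sample()))
```
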
