Talk:Resource attack: Difference between revisions

	Main Article	Discussion	Related Articles  [?]	Bibliography  [?]	External Links  [?]	Citable Version  [?]
	To learn how to update the categories for this article, see here. To update categories, edit the metadata template.  Definition:  Malware that overwhelms processing, memory, or network resources of a computer system by sending large numbers requests that appear legitimate, but at a high rate or in some manner crafted to make resources unavailable [d] [e] Checklist and Archives  Workgroup category:  Computers [Categories OK]  Subgroup category:  Security  Talk Archive:  none  English language variant:  American English Unused subpages  Unused subpages:  - Bibliography - External Links - Works - Discography - Filmography - Catalogs - Timelines - Gallery - Audio - Video - Code - Tutorials - Student Level - Signed Articles - Function - Addendum - Debate Guide - Advanced - Recipes - Citable Version

SYNs and ACKs

The description here of which messages have which flags set is different from what I thought it was. Checking the CERT document linked, their description is different from both. Sandy Harris 15:16, 25 June 2010 (UTC)

OK, while the page looks OK to me, let me describe, from wetware memory of lots of protocol analyzer traces. There are nuances for connection collision that probably aren't relevant.

Originator sends SYN with proposed send sequence number and credit

Receiver sends SYN-ACK with proposed received sequence number if connection accepted; silent if rejecting connection

Originator confirms three-way handshake with SYN-ACK and updated bidirectional sequence numbers.

In a SYN-FLOOD, attacker repeats the first message but never the third.

--Howard C. Berkowitz 15:34, 25 June 2010 (UTC)