A SYN flood is a form of denial of service (DoS) assault that bombards a computer, such as a web server, with "SYN" communications. The initial stage of creating contact between two computers over the TCP/IP protocol is called "synchronize," or SYN for short.

A server will send a SYN-ACK (synchronize acknowledge) communication in response to a SYN request. An ACK (acknowledge) communication is then sent back by the computer to create a link between the two platforms. A computer launches a SYN flood assault when it sends out a lot of SYN queries but no ACK responses. As a result, the computer must wait for numerous replies, consuming system resources. The computer might not be able to fulfill valid queries if the backlog of answer requests gets too big. A sluggish or inactive website is the outcome of this.

Since SYN flooding is a typical form of denial-of-service attack, most server software can identify and halt SYN floods before they have a significant impact on the server. For instance, a server might briefly stop all requests coming from a particular IP address if it quickly gets a lot of SYN requests from that address.

Attacks known as distributed denial of service (DDoS) are more challenging to manage because they bombard the website from numerous IP addresses. However, by employing SYN storage or SYN cookies, these assaults can be curbed. These two techniques both capture the IP addresses of deluge assaults. Following that, the system sets a cap on the amount of resources the computer can use to react to queries from these places. Direct server configuration or network router configuration is both options for this form of SYN overflow defense.