ght floods of data to overwhelm the finite capacity of your connection, spoof unread/redirect a.k.a. click which tricks your computer into thinking there is a network failure and voluntarily breaking the connection, and a whole new generation of distributed denial of service attacks (although these are seldom used against individuals). III. SYN AttackWhen a session is initiated between the TCP client and server in a network, a very small buffer space exists to handle the usually rapid "hand-shaking" exchange of messages that sets up the session. The session-establishing packets include a SYN field that identifies the sequence in the message exchange. An attacker can send a number of connection requests very rapidly and then fail to respond to the reply. This leaves the first packet in the buffer so that other, legitimate connection requests can't be accommodated. Although the packet in the buffer is dropped after a certain period of time without a reply, the effect of many of these bogus connection requests is to make it difficult for legitimate requests for a session to get established. In general, this problem depends on the operating system providing correct settings or allowing the network administrator to tune the size of the buffer and the timeout period. IV. Teardrop AttackThis type of denial of service attack exploits the way that the IP requires a packet that is too large for the next router to handle be divided into fragments. The fragment packet identifies an offset to the beginning of the first packet that enables the entire packet to be reassembled by the receiving system. In the teardrop attack, the attacker's IP puts a confusing offset value in the second or later fragment. If the receiving operating system does not have a plan for this situation, it can cause the system to crash. How to Block a DOS AttackOne of the more common methods of blocking a "denial of service" attack is to set up a filter, or "sniffer," on a netw...
