SYN floods are also very difficult to defend against. Often, the size of the connection queue is increased as a result.

Some operating systems increase the queue size on an as-needed basis. You can decrease the timeout length, but you may end up dropping slower, legitimate connections.

Good defenses:

  • intrusion detection systems
  • vendor patches
  • TCP Wrappers

Many organizations use Web farms (numerous Web servers that answer to the same domain name) to defend their Web servers against this kind of attack.