Network Attacks: Protocol-Anomaly Attacks

Most network protocols were not designed with security in mind. An attacker can generate abnormal network packets that do not follow the expected format and purpose of the protocol, with the result that the attacker is able to either hack a remote host or network, or compromise a confidential network data stream.

Network-layer attacks are most frequently used to get behind firewalls and to make DoS attacks. DoS attacks are popular against big e-commerce sites. In one kind of DoS attack, the attacker computers send massive amounts of TCP SYN packets.

This is the first of three packets sent during a normal TCP handshake used to begin a communication session. The target computer responds with the expected ACK/SYN packet, which is normal, and then expects an answering ACK from the source.
But, the ACK packet never comes, letting the TCP connection in an open state, waiting for an extended period of time. When transferred millions of these packets, the attacked system is exhausted with open connections all in a waiting state. Usually, the victim computer has to reboot to clear all the open connections. If they do reboot without doing something to stop the DoS attack, it just occurs again and again.