On 21.05.2013 20:05, Alex Flex wrote:
Why is it clearly so significantly expensive for the receiving side rather than the sending side to process a SYN flood if they have identical hardware?
Sending is fundamentally less work than receiving.
The sender just puts whatever it wants to send on the line. The receiver has to recognize it, analyze it, find out whether it is the intended recipient, match it with what it received before, keep state, etc.
In the case of a SYN flood, the sender exacerbates this on purpose, by reducing its own workload (exploiting the fact that it doesn't really want to communicate) and maliciously increasing the receiver's workload (forcing it to maintain enormous numbers of half-open connections).
So it's really quite unsurprising that a SYN flood puts less load on the sender than on the receiver.
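The receiver-side state described above can be seen in a small model. This is an added example, not part of the original message: it simulates only a listener's table of half-open connections, and the backlog of 128 entries, the 30-second timeout and the one-client-per-second workload are assumed values chosen for illustration.

```python
# Toy model of a TCP listener's half-open (SYN received, no final ACK) table.
# No network I/O; all names and parameters are assumptions for illustration.

class Listener:
    def __init__(self, backlog, syn_timeout):
        self.backlog = backlog          # maximum half-open entries held at once
        self.syn_timeout = syn_timeout  # seconds an unanswered entry is kept
        self.half_open = {}             # source -> expiry time, oldest first
        self.peak = 0                   # largest table size observed

    def _expire(self, now):
        # Uniform timeout, so insertion order is also expiry order.
        while self.half_open:
            oldest = next(iter(self.half_open))
            if self.half_open[oldest] > now:
                break
            del self.half_open[oldest]

    def on_syn(self, now, source):
        """Handle one SYN: expire old state, then allocate an entry or drop."""
        self._expire(now)
        self.half_open.pop(source, None)   # a repeated SYN refreshes its entry
        if len(self.half_open) >= self.backlog:
            return False                   # table full: this SYN is dropped
        self.half_open[source] = now + self.syn_timeout
        self.peak = max(self.peak, len(self.half_open))
        return True

    def on_ack(self, source):
        """Final ACK of the handshake: the half-open entry is released."""
        return self.half_open.pop(source, None) is not None


def simulate(unanswered_per_sec, seconds, backlog=128, syn_timeout=30):
    """Each second: a batch of SYNs that are never completed, then one real client.

    The sending side keeps no per-connection state at all; only the listener
    holds entries until they time out.
    """
    listener = Listener(backlog, syn_timeout)
    legit_accepted = 0
    for t in range(seconds):
        for i in range(unanswered_per_sec):
            listener.on_syn(t, ("unanswered", t, i))
        client = ("client", t)
        if listener.on_syn(t, client):
            listener.on_ack(client)        # real client completes immediately
            legit_accepted += 1
    return {"receiver_peak": listener.peak, "legit_accepted": legit_accepted}


if __name__ == "__main__":
    for rate in (0, 4, 10):
        print(rate, simulate(rate, 60))
```

Once the unanswered rate times the timeout exceeds the backlog, the table stays full and the real client is turned away, which is what an operator sees as a rising SYN_RECV count and dropped SYNs on the listener.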