The Rising Danger of SYN Reflection DDoS Attacks


SYN reflection attacks are a sophisticated distributed denial of service – or DDoS – attack method that usually requires some skill to execute. However, SYN reflection attacks have recently grown in popularity as software developers in the criminal underground have begun to offer easy-to-use applications that use SYN reflection scripts in DDoS-as-a-Service applications. Now even novices can launch SYN reflection attacks. Learn more about the threat of SYN DDoS and DrDoS attacks in this short presentation.

Published in: Technology, News & Politics

  1. Denial of Service: SYN Reflection Attacks
     How to protect your network
     www.prolexic.com
  2. SYN reflection attacks go mainstream
     • Distributed reflection and amplification denial of service attack, or DrDoS
     • Malicious use of the TCP/IP Internet communication handshake
     • One of the more sophisticated DDoS attack methods
     • Growing in popularity due to DDoS-as-a-Service apps
     • Now even a novice can launch a SYN attack
     CONFIDENTIAL www.prolexic.com
  3. DDoS-as-a-Service: Even a novice can do it
     • Malicious actors wrap web-based user interfaces around sophisticated scripts
     • Convenient DDoS-as-a-Service apps
     • Attackers can launch the DDoS app from a smartphone or computer
  4. SYN reflection attack: Misuse of the TCP handshake
     • The attacker’s target must support the Transmission Control Protocol (TCP), a common Internet protocol
     • TCP lets computers transmit data over the Internet, such as web pages and email
     • Before data is transmitted between machines, the computers must first establish a connection by a multi-step SYN-ACK handshake
     • If a handshake cannot be completed, the computers repeat the attempt
  5. What is a SYN flood?
     • SYN connection requests are repeated in rapid succession, until the target is overwhelmed
  6. Spoofing misdirects the handshakes
     • At least three systems are involved:
       – The attacker’s
       – An intermediary victim – one or many
       – The target
     • Spoofing allows the attacker to pretend the target server is the source of the handshake requests
     • The attacker gets the victim to try to connect to the target
     • Excessive connection requests overwhelm the victim and the target
  7. What is a SYN reflection attack?
     • A malicious actor bounces SYN requests off an intermediary victim machine
  8. SYN attack mitigation: Minimize backscatter from mitigation devices
     • Automated mitigation devices challenge SYN attacks to ensure they are legitimate
     • But unmanned DDoS mitigation devices can create backscatter, compounding the effects of an attack
     • The mitigation equipment will keep challenging the request from the spoofed IP address
     • The result is backscatter toward the target server
     • Packet analysis can minimize backscatter
  9. Learn more in the white paper
     • Download the DrDoS white paper: Analysis of SYN Reflection Attacks
     • In this white paper, you’ll learn:
       – Why SYN reflection attacks create so much damage
       – How attackers misuse the TCP handshake
       – The problem of backscatter
       – SYN reflection attack scenario
       – Three common SYN reflection techniques
       – SYN mitigation techniques
       – Attack signature to identify and stop spoofed SYN reflection attacks
  10. About Prolexic
     • Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services.
     • Prolexic has successfully stopped DDoS attacks for more than a decade.
     • We can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers.
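
The kind of packet analysis slides 6 to 8 point at can be sketched from the target's side: reflected traffic arrives as SYN-ACKs for connections the target never opened. The following is an added example, not code from the Prolexic deck or white paper; the record layout, the addresses (documentation ranges) and the threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample: simplified TCP records captured at the target's edge.
# Fields: direction, src_ip, src_port, dst_ip, dst_port, flags ("S"=SYN, "SA"=SYN-ACK)
TARGET = "203.0.113.10"
SAMPLE = [
    ("out", TARGET, 40001, "198.51.100.5", 443, "S"),   # target really opens a connection
    ("in", "198.51.100.5", 443, TARGET, 40001, "SA"),   # solicited reply
    ("in", "198.51.100.5", 443, TARGET, 40001, "SA"),   # retransmit of the solicited reply
    ("in", "192.0.2.20", 80, TARGET, 51000, "SA"),      # no SYN was ever sent for this flow
    ("in", "192.0.2.20", 80, TARGET, 51000, "SA"),      # intermediary repeats the attempt
    ("in", "192.0.2.20", 80, TARGET, 51001, "SA"),
    ("in", "192.0.2.77", 443, TARGET, 52000, "SA"),
    ("in", "198.51.100.9", 55000, TARGET, 80, "S"),     # ordinary inbound client SYN
]


def unsolicited_synacks(packets):
    """Count inbound SYN-ACKs per source that match no SYN we sent.

    A flow stays in `pending` after its first SYN-ACK so that legitimate
    retransmissions of a solicited SYN-ACK are not miscounted.
    """
    pending = set()   # (local_ip, local_port, remote_ip, remote_port)
    hits = Counter()  # intermediary (reflector) IP -> unsolicited SYN-ACK count
    for direction, src, sport, dst, dport, flags in packets:
        if direction == "out" and flags == "S":
            pending.add((src, sport, dst, dport))
        elif direction == "in" and flags == "SA":
            if (dst, dport, src, sport) not in pending:
                hits[src] += 1
    return hits


def suspected_reflectors(packets, threshold=2):
    """Sources whose unsolicited SYN-ACK count reaches the (assumed) threshold."""
    counts = unsolicited_synacks(packets)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(dict(unsolicited_synacks(SAMPLE)))
    print(suspected_reflectors(SAMPLE))
```

The sources it reports are themselves intermediary victims answering spoofed SYNs, so the result is a filtering signal at the target rather than attribution of the attacker.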
