An Analysis of DrDoS Methods: SYN Reflection DDoS Attacks


SYN reflection attacks are a sophisticated distributed denial of service – or DDoS – attack method that usually requires some skill to execute. However, SYN reflection attacks have recently grown in popularity as software developers in the criminal underground have begun to offer easy-to-use applications that use SYN reflection scripts in DDoS-as-a-Service applications. Now even novices can launch SYN reflection attacks. Learn more about the threat of SYN DDoS and DrDoS attacks in this short presentation.

Published in: Business


  1. An Analysis of SYN Reflection DrDoS Attacks
     Selected excerpts

     SYN reflection attacks are one of the more sophisticated distributed denial of service (DDoS) attack methods and typically require some skill to execute. However, they have recently grown in popularity as they have become available as a DDoS-as-a-Service application from the criminal underground. Now even a novice can launch a SYN reflection attack. Software developers in the criminal underground wrap web-based graphical user interfaces around sophisticated attack scripts and offer them as convenient DDoS-as-a-Service apps, some of which can even be launched from a phone.

     DrDoS attacks

     SYN reflection attacks are a type of distributed reflection and amplification denial of service (DrDoS) attack. DrDoS attacks harness the bandwidth and processing power of other people’s networked servers and devices to amplify the power of a denial of service attack.

     SYN floods

     SYN attacks are used against targets that support TCP, a core communication protocol that enables computers to transmit data, such as web pages and email, over the Internet. Before data is transmitted between machines, the computers must first establish a connection by a multi-step handshake. If the handshake cannot be completed, the computers will keep trying to connect, as shown in Figure 1. The result is a SYN flood.

     Figure 1: In a SYN flood attack, SYN connection requests are repeated in rapid succession, until the target is overwhelmed
  2. SYN reflection overwhelms the target

     The addition of spoofing creates a more powerful SYN attack through the use of reflection techniques. In a SYN reflection attack, at least three systems are involved: The attacker’s device, an intermediary victim (one or many), and the target, as shown in Figure 2. Spoofing allows the attacker to falsify that the target server is the source of the handshake requests. As a result, the victim tries to engage the target. Often, this continues until one or both experience an outage.

     Figure 2: SYN reflection attacks misdirect communication handshakes to the victim and target until they are overwhelmed

     The problem of backscatter from DDoS mitigation appliances

     Mitigation equipment can contribute to the damage caused by SYN reflection attacks, because DDoS mitigation appliances are programmed to challenge the connection requests to ensure the requests are legitimate. The mitigation equipment will keep challenging the request from the spoofed IP address, which creates backscatter toward the victim. More sophisticated mitigation techniques, such as packet analysis, can help minimize the problem of backscatter.

     Get the full white paper for more details

     Download the DrDoS series white paper, An Analysis of SYN Reflection Attacks, for details about the SYN reflection attacks and mitigation techniques, including:

       • Why SYN reflection attacks create so much damage
       • How attackers misuse the TCP handshake
       • The problem of backscatter
       • SYN reflection attack scenario
       • Three common SYN reflection techniques
       • Techniques for mitigating SYN attacks
       • Attack signature to identify and stop spoofed SYN reflection attacks

     The more you know about DDoS attacks, the better you can protect your network against cybercrime. Download the free white paper An Analysis of SYN Reflection Attacks at

     About Prolexic

     Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services. Learn more at
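
The reflection flow described above leaves a recognisable trace at the target: handshake replies (SYN-ACKs) arrive for connections the target never opened. The following is an added example, not code from the presentation or from Prolexic, that counts such unsolicited SYN-ACKs per sender. The record layout, the function names, the threshold and the documentation-range addresses are all assumptions made for the illustration.

```python
from collections import Counter

# Constructed sample records, not taken from the page:
# (time_s, src_ip, dst_ip, src_port, dst_port, tcp_flags); "S" = SYN, "SA" = SYN-ACK.
MONITORED = "203.0.113.10"  # assumed address of the host the page calls the target
SAMPLE = (
    [
        (0.00, MONITORED, "198.51.100.5", 40001, 443, "S"),   # genuine outbound SYN
        (0.02, "198.51.100.5", MONITORED, 443, 40001, "SA"),  # solicited reply
        (0.50, "198.51.100.7", MONITORED, 443, 40500, "SA"),  # single stray packet
    ]
    + [(1.0 + i / 10, "192.0.2.20", MONITORED, 80, 50000 + i, "SA") for i in range(4)]
    + [(2.0 + i / 10, "192.0.2.21", MONITORED, 80, 51000 + i, "SA") for i in range(3)]
)


def unsolicited_synacks(records, monitored, window=3.0):
    """Count, per sender, SYN-ACKs that reach `monitored` without a matching
    outbound SYN from it in the preceding `window` seconds."""
    pending = {}  # (peer_ip, peer_port, local_port) -> time our SYN left
    hits = Counter()
    for ts, src, dst, sport, dport, flags in sorted(records, key=lambda r: r[0]):
        if src == monitored and flags == "S":
            pending[(dst, dport, sport)] = ts
        elif dst == monitored and flags == "SA":
            sent = pending.get((src, sport, dport))
            if sent is None or ts - sent > window:
                hits[src] += 1  # handshake reply we never asked for
    return hits


def suspected_reflectors(records, monitored, threshold=3, window=3.0):
    """Senders whose unsolicited SYN-ACK count reaches `threshold`."""
    counts = unsolicited_synacks(records, monitored, window)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for ip in suspected_reflectors(SAMPLE, MONITORED):
        print(ip, unsolicited_synacks(SAMPLE, MONITORED)[ip])
```

The senders it reports are the intermediary victims in the page's terms, not the attacker, so the output is better suited to rate-limiting and notification than to blocklisting.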