Prolexic slideshow: The Rising Danger of SYN Reflection DDoS Attacks


SYN reflection attacks are a sophisticated distributed denial of service – or DDoS – attack method that usually requires some skill to execute. However, SYN reflection attacks have recently grown in popularity as software developers in the criminal underground have begun to offer easy-to-use applications that use SYN reflection scripts in DDoS-as-a-Service applications. Now even novices can launch SYN reflection attacks. Learn more about the threat of SYN DDoS and DrDoS attacks in this short presentation.

Published in: Technology, News & Politics

  1. Denial of Service: SYN Reflection Attacks. How to protect your network
  2. SYN reflection attacks go mainstream
     • Distributed reflection and amplification denial of service attack, or DrDoS
     • Malicious use of the TCP/IP Internet communication handshake
     • One of the more sophisticated DDoS attack methods
     • Growing in popularity due to DDoS-as-a-Service apps
     • Now even a novice can launch a SYN attack
  3. DDoS-as-a-Service: Even a novice can do it
     • Malicious actors wrap web-based user interfaces around sophisticated scripts
     • Convenient DDoS-as-a-Service apps
     • Attackers can launch the DDoS app from a smartphone or computer
  4. SYN reflection attack: Misuse of the TCP handshake
     • The attacker’s target must support the Transmission Control Protocol (TCP), a common Internet protocol
     • TCP lets computers transmit data over the Internet, such as web pages and email
     • Before data is transmitted between machines, the computers must first establish a connection by a multi-step SYN-ACK handshake
     • If a handshake cannot be completed, the computers repeat the attempt
  5. What is a SYN flood?
     • SYN connection requests are repeated in rapid succession, until the target is overwhelmed
  6. Spoofing misdirects the handshakes
     • At least three systems are involved:
       – The attacker’s
       – An intermediary victim (one or many)
       – The target
     • Spoofing allows the attacker to pretend the target server is the source of the handshake requests
     • The attacker gets the victim to try to connect to the target
     • Excessive connection requests overwhelm the victim and the target
  7. What is a SYN reflection attack?
     • A malicious actor bounces SYN requests off an intermediary victim machine
  8. SYN attack mitigation: Minimize backscatter from mitigation devices
     • Automated mitigation devices challenge incoming SYN requests to check whether they are legitimate
     • But unmanned DDoS mitigation devices can create backscatter, compounding the effects of an attack
     • The mitigation equipment will keep challenging the request from the spoofed IP address
     • The result is backscatter toward the target server
     • Packet analysis can minimize backscatter
  9. Learn more in the white paper
     • Download the DrDoS white paper: Analysis of SYN Reflection Attacks
     • In this white paper, you’ll learn:
       – Why SYN reflection attacks create so much damage
       – How attackers misuse the TCP handshake
       – The problem of backscatter
       – SYN reflection attack scenario
       – Three common SYN reflection techniques
       – SYN mitigation techniques
       – Attack signature to identify and stop spoofed SYN reflection attacks
  10. About Prolexic
     • Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services.
     • Prolexic has successfully stopped DDoS attacks for more than a decade.
     • We can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers.
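
The packet analysis that slide 8 says can minimize backscatter, sketched as an added example that is not part of the original presentation or Prolexic's own tooling: it counts handshake packets per remote address at an intermediary and flags addresses that keep sending SYNs but never complete a handshake. The addresses, the capture records and the `min_syns` threshold are constructed assumptions.

```python
from collections import defaultdict

SERVER = "203.0.113.10"  # constructed: the intermediary being monitored

# Constructed capture: (seconds, src, dst, flags); S=SYN, SA=SYN-ACK, A=ACK
PACKETS = [
    (0.00, "198.51.100.7", SERVER, "S"),
    (0.01, SERVER, "198.51.100.7", "SA"),
    (0.05, "198.51.100.7", SERVER, "A"),   # handshake completed: real client
    (0.10, "192.0.2.50", SERVER, "S"),     # SYNs claiming to come from the target
    (0.11, SERVER, "192.0.2.50", "SA"),    # reply lands on the target: backscatter
    (0.20, "192.0.2.50", SERVER, "S"),
    (0.21, SERVER, "192.0.2.50", "SA"),
    (0.30, "192.0.2.50", SERVER, "S"),
    (0.31, SERVER, "192.0.2.50", "SA"),
]

def summarize(packets, server=SERVER):
    """Per remote IP: SYNs received, SYN-ACKs sent back, ACKs received."""
    stats = defaultdict(lambda: {"syn": 0, "synack": 0, "ack": 0})
    for _, src, dst, flags in packets:
        if dst == server and flags == "S":
            stats[src]["syn"] += 1
        elif dst == server and flags == "A":
            stats[src]["ack"] += 1
        elif src == server and flags == "SA":
            stats[dst]["synack"] += 1
    return dict(stats)

def likely_spoofed(stats, min_syns=3):
    """Remote IPs with repeated SYNs and no completed handshake.
    Maps each such IP to the number of SYN-ACKs already sent toward it."""
    return {ip: s["synack"] for ip, s in stats.items()
            if s["syn"] >= min_syns and s["ack"] == 0}

def should_answer_syn(src, flagged):
    """Policy hook: stop answering or challenging SYNs from a flagged address."""
    return src not in flagged

if __name__ == "__main__":
    flagged = likely_spoofed(summarize(PACKETS))
    for ip, sent in flagged.items():
        print(f"{ip}: {sent} SYN-ACKs sent as backscatter; suppress further replies")
```

Suppressing replies to a flagged address also drops genuine connection attempts from that address while the flag is in place, so a real deployment would expire flags after a short interval.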