http://www.prolexic.com | SYN reflection attacks are a sophisticated distributed denial of service – or DDoS – attack method that usually requires some skill to execute. However, SYN reflection attacks have recently grown in popularity as software developers in the criminal underground have begun to offer easy-to-use applications that use SYN reflection scripts in DDoS-as-a-Service applications. Now even novices can launch SYN reflection attacks. Learn more about the threat of SYN DDoS and DrDoS attacks in this short presentation.
Prolexic slideshow: The Rising Danger of SYN Reflection DDoS Attacks
1. Denial of Service: SYN Reflection Attacks
How to protect your network
www.prolexic.com
2. SYN reflection attacks go mainstream
• Distributed reflection and amplification denial of service attack, or DrDoS
• Malicious use of the TCP/IP Internet communication handshake
• One of the more sophisticated DDoS attack methods
• Growing in popularity due to DDoS-as-a-Service apps
• Now even a novice can launch a SYN attack
3. DDoS-as-a-Service: Even a novice can do it
• Malicious actors wrap web-based user interfaces around sophisticated scripts
• Convenient DDoS-as-a-Service apps
• Attackers can launch the DDoS app from a smartphone or computer
4. SYN reflection attack: Misuse of the TCP handshake
• The attacker’s target must support the Transmission Control Protocol (TCP), a common Internet protocol
• TCP lets computers transmit data over the Internet, such as web pages and email
• Before data is transmitted between machines, the computers must first establish a connection by a multi-step SYN-ACK handshake
• If a handshake cannot be completed, the computers repeat the attempt
5. What is a SYN flood?
• SYN connection requests are repeated in rapid succession, until the target is overwhelmed
6. Spoofing misdirects the handshakes
• At least three systems are involved:
– The attacker’s
– An intermediary victim – one or many
– The target
• Spoofing allows the attacker to pretend the target server is the source of the handshake requests
• The attacker gets the victim to try to connect to the target
• Excessive connection requests overwhelm the victim and the target
7. What is a SYN reflection attack?
• A malicious actor bounces SYN requests off an intermediary victim machine
8. SYN attack mitigation: Minimize backscatter from mitigation devices
• Automated mitigation devices challenge SYN attacks to ensure they are legitimate
• But unmanned DDoS mitigation devices can create backscatter, compounding the effects of an attack
• The mitigation equipment will keep challenging the request from the spoofed IP address
• The result is backscatter toward the target server
• Packet analysis can minimize backscatter
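As an added example (not part of the Prolexic deck): one form the packet analysis mentioned above can take on the target side is to flag SYN-ACKs that answer no SYN the protected server ever sent, then group them by the intermediary that sent them. The record layout, addresses, function names, time window and threshold are assumptions, and the sample packets are constructed.

```python
from collections import Counter

# Constructed sample records, not real capture data:
# (time_s, src_ip, src_port, dst_ip, dst_port, tcp_flags)
# 203.0.113.10 plays the protected server; all addresses are documentation ranges.
SAMPLE = [
    (0.00, "203.0.113.10", 40001, "198.51.100.5", 443, "S"),   # server opens a real connection
    (0.02, "198.51.100.5", 443, "203.0.113.10", 40001, "SA"),  # solicited reply to that SYN
    (0.10, "192.0.2.21", 80, "203.0.113.10", 51515, "SA"),     # no SYN was sent: reflected
    (0.11, "192.0.2.21", 80, "203.0.113.10", 51516, "SA"),
    (0.12, "192.0.2.22", 80, "203.0.113.10", 51517, "SA"),
    (1.10, "192.0.2.21", 80, "203.0.113.10", 51515, "SA"),     # intermediary repeats the attempt
]

def unsolicited_synacks(packets, protected_ip, window=5.0):
    """Count, per source IP, SYN-ACKs sent to protected_ip that match no
    SYN it sent on the same ports within `window` seconds."""
    pending = {}       # (local_port, remote_ip, remote_port) -> time our SYN left
    hits = Counter()
    for ts, src, sport, dst, dport, flags in sorted(packets):
        if src == protected_ip and flags == "S":
            pending[(sport, dst, dport)] = ts
        elif dst == protected_ip and flags == "SA":
            sent = pending.get((dport, src, sport))
            if sent is None or ts - sent > window:
                hits[src] += 1
    return hits

def reflectors(packets, protected_ip, threshold=2):
    """Sources whose unsolicited SYN-ACK count reaches the threshold."""
    hits = unsolicited_synacks(packets, protected_ip)
    return sorted(ip for ip, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    for ip, n in unsolicited_synacks(SAMPLE, "203.0.113.10").items():
        print(f"{ip}: {n} unsolicited SYN-ACK(s)")
    print("likely reflectors:", reflectors(SAMPLE, "203.0.113.10"))
```

The same matching logic tells a mitigation device which inbound segments belong to spoofed handshakes, so it can drop them instead of challenging them and adding to the backscatter.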
9. Learn more in the white paper
• Download the DrDoS white paper: Analysis of SYN Reflection Attacks
• In this white paper, you’ll learn:
– Why SYN reflection attacks create so much damage
– How attackers misuse the TCP handshake
– The problem of backscatter
– SYN reflection attack scenario
– Three common SYN reflection techniques
– SYN mitigation techniques
– Attack signature to identify and stop spoofed SYN reflection attacks
10. About Prolexic
• Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services.
• Prolexic has successfully stopped DDoS attacks for more than a decade.
• We can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers.